Backdoorplz, a privilege escalation tool for Windows

Security pentester Jean Maes published a tool on GitHub called Backdoorplz.

Backdoorplz [1] is a portable executable (PE) file that creates a local user (“LegitAdmin” with password “Backdoor123!”) on a Windows device and adds it to the local Administrators group, thereby granting administrator privileges to that user.
Both actions are performed through Win32 API calls on the system, without spawning a command such as `net user`.

Usage

Backdoorplz can be deployed by running the executable directly, or by injecting its DLL version into a legitimate process on the target device. This tool could be leveraged by adversaries to gain higher-level permissions on a system or network.
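As an added detection example (not part of the original post or of Backdoorplz), the following Python correlates Windows Security log events: a local account creation (event ID 4720) followed within a few minutes by that account being added to the Administrators group (event ID 4732), which is the sequence the tool's Win32 API calls produce. The event records are constructed samples with simplified field names; real events carry these values inside EventData, and 4732 may identify the member by SID rather than by name, so adapt the field access to your log pipeline.

```python
"""Flag the Backdoorplz pattern in Windows Security events: a new local
account (4720) that lands in the local Administrators group (4732) shortly
afterwards. Added example; field layout is a simplified assumption."""
from datetime import datetime

# Constructed sample events: a routine help-desk account creation that is
# not escalated, followed by the Backdoorplz sequence one second apart.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2024-05-01T10:00:00",
     "SubjectUserName": "helpdesk", "TargetUserName": "jdoe"},
    {"EventID": 4732, "TimeCreated": "2024-05-01T10:40:00",
     "SubjectUserName": "helpdesk", "TargetUserName": "Remote Desktop Users",
     "MemberName": "jdoe"},
    {"EventID": 4720, "TimeCreated": "2024-05-01T11:15:02",
     "SubjectUserName": "svc_app", "TargetUserName": "LegitAdmin"},
    {"EventID": 4732, "TimeCreated": "2024-05-01T11:15:03",
     "SubjectUserName": "svc_app", "TargetUserName": "Administrators",
     "MemberName": "LegitAdmin"},
]

KNOWN_INDICATOR = "LegitAdmin"  # default account name documented in the post


def _ts(event):
    return datetime.fromisoformat(event["TimeCreated"])


def find_backdoor_admin_creations(events, window_seconds=300):
    """Return one alert per account created and added to Administrators
    within window_seconds; the key is the creation-to-escalation gap, not
    the account name, so a renamed build is still caught."""
    creations = {}  # lower-cased account name -> its 4720 event
    alerts = []
    for ev in sorted(events, key=_ts):
        if ev["EventID"] == 4720:
            creations[ev["TargetUserName"].lower()] = ev
        elif ev["EventID"] == 4732 and ev["TargetUserName"].lower() == "administrators":
            created = creations.get(ev["MemberName"].lower())
            if created is None:
                continue  # pre-existing account, outside this rule
            gap = (_ts(ev) - _ts(created)).total_seconds()
            if gap > window_seconds:
                continue
            alerts.append({
                "account": ev["MemberName"],
                "created_by": created["SubjectUserName"],
                "seconds_between": gap,
                "matches_known_indicator": ev["MemberName"] == KNOWN_INDICATOR,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_backdoor_admin_creations(SAMPLE_EVENTS):
        print(alert)
```

Because the rule keys on the timing between the two events rather than on the hard-coded “LegitAdmin” name, it also fires on a rebuilt binary with a different account name; the name match is reported only as extra context.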


References
