GitBook: [master] 2 pages modified

2020-07-27 15:27:48 +00:00 · 2020-07-27 15:27:48 +00:00 · a08335ec2c
commit a08335ec2c
parent 8963530f84
2 changed files with 6 additions and 0 deletions
--- a/pentesting/9200-pentesting-elasticsearch.md
+++ b/pentesting/9200-pentesting-elasticsearch.md
@ -117,6 +117,8 @@ If you want just to **search on an index** you can just **specify** it on the **

 _Note that the q parameter used to search content **supports regular expressions**_

+You can also use something like [https://github.com/misalabs/horuz](https://github.com/misalabs/horuz) to fuzz an elasticsearch service.
+
 ### Write permissions

 You can check your write permissions trying to create a new document inside a new index running something like the following:
--- a/windows/windows-local-privilege-escalation/README.md
+++ b/windows/windows-local-privilege-escalation/README.md
@ -974,6 +974,10 @@ If you want to read an example of [**how to go from high integrity to System usi
 If you manages to **hijack a dll** being **loaded** by a **process** running as **SYSTEM** you will be able to execute arbitrary code with those permissions. Therefore Dll Hijacking is also useful to this kind of privilege escalation, and, moreover, if far **more easy to achieve from a high integrity process** as it will have **write permissions** on the folders used to load dlls.  
 **You can** [**learn more about Dll hijacking here**](dll-hijacking.md)**.**

+### **From Administrator or Network Service to System**
+
+\*\*\*\*[**https://github.com/sailay1996/RpcSsImpersonator**](https://github.com/sailay1996/RpcSsImpersonator)\*\*\*\*
+
 ## More help

 [Static impacket binaries](https://github.com/ropnop/impacket_static_binaries)