Hello Secjuice drinkers, I am Patrick Hoogeveen aka x0xr00t! This quest started a while ago when windows 11 was in test release, at the time windows server 2022 had just been released and so I got to work. The first thing I noticed when installing windows 11 and trying it out was that I could use a windows 10 serial key activator, the version it validated was not included in the installer of windows 11 which is enterprise, but my windows to tool activated as if it was.
I realized under the hood it was still the basic windows 10 in terms of its structure, so with that came the next great logical leap! Most of the previously found local exploits should work on widows 11 so with that in mind I started compiling the needed files for the bypass. I tested it and immediately had cmd with system32 invoked.
So with that I started to think, windows server just been released, how likely would it be that we can do the same thing on windows server 2022? So i started to look if the same thing was going on there. Sure enough under the hood I saw the same internal structure.
I started to transfer the files I needed, I ran the files and stumbled on two password authentication modules, I gotta find a way around this, so i started digging around for a solution. After a while the popups where gone and I had system32 cmd with powershell admin invoked.
Affected OS Versions
This part was pretty easy as when the cmd is called its already elevated, so i was like lets add a user before it ..
Support the originator by clicking the read the rest link below.
