sebackupprivilege

  • After gaining access to the machine as a svc_backup user, we examine the user’s permissions by running the whoami /all command. We notice that the user is a member of the Backup Operators group, which has the SeBackupPrivilege and SeRestorePrivilege enabled as part of its privileges. Since we are a member of the Backup Operators…

    Read More