edit Windows PrivEsc

hdks-bug · hdks-bug · commit a6e4f23acb23 · 2025-03-28T18:48:24.000+09:00
diff --git a/src/exploit/blockchain/interact-with-ethereum-using-foundry.md b/src/exploit/blockchain/interact-with-ethereum-using-foundry.md
@@ -8,7 +8,7 @@ tags:
 refs:
     - https://github.com/foundry-rs/foundry
     - https://book.getfoundry.sh/
-date: 2023-08-14
+date: 2025-03-28
 draft: false
 ---
 
@@ -28,8 +28,6 @@ We can set the environment variable for **Ethereum RPC URL** to interact the Eth
 export ETH_RPC_URL="http://10.0.0.1:12345/path/to/rpc"
 ```
 
-<br />
-
 ## Investigating a Chain
 
 **`cast`** command of Foundry performs Ethereum RPC calls.
@@ -51,8 +49,6 @@ cast block-number
 cast block
 ```
 
-<br />
-
 ## Investigating Account
 
 ```bash
@@ -62,17 +58,22 @@ cast balance 0x123...
 cast balance beer.eth
 ```
 
-<br />
-
 ## Investigating Contract
 
 ```sh
 # Get the source code of a contract from Etherscan
-cast etherscan-source <contract_address>
-cast etherscan-source 0x123...
+cast source <contract_address> -e <etherscan_api_key>
 ```
 
-<br />
+## Call Functions
+
+If we know the functions of a target contract, we can simply call them. Note that these command do NOT send transactions, so cannot change states or values in the contract.
+
+```bash
+cast call --private-key <private_key_addr> <contract_addr> "getFlag()(string memory)"
+
+cast call --private-key <private_key_addr> <contract_addr> "isSolved()(bool)"
+```
 
 ## Send Transactions
 
@@ -92,4 +93,6 @@ cast send --private-key 0x123... 0xabc... "dummy()"
 # Send Ether to call the receive function
 cast send --private-key <private_key_addr> <contract_addr> --value 10gwei
 cast send --private-key 0x123... 0xabc... --value 10gwei
-```
+```
+
+If we got error like unsupported feature: eip1559 , add `--legacy` flag for the command.
diff --git a/src/exploit/windows/privilege-escalation/index.md b/src/exploit/windows/privilege-escalation/index.md
@@ -8,7 +8,7 @@ tags:
 refs:
     - https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation
     - https://learn.microsoft.com/en-us/powershell/scripting/samples/working-with-registry-keys?view=powershell-7.3
-date: 2025-03-19
+date: 2025-03-28
 draft: false
 ---
 
@@ -111,6 +111,9 @@ dir "C:\Program Files (x86)\hMailServer\Data\"
 # DPAPI protected data (https://www.thehacker.recipes/ad/movement/credentials/dumping/dpapi-protected-secrets)
 dir -Force C:\Users\<user>\AppData\Local\Microsoft\Credentials\
 dir -Force C:\Users\<user>\AppData\Roaming\Microsoft\Credentials\
+
+# Check access control for a specific directory
+Get-Acl C:\Users\Administrator
 ```
 
 ### Find Vulnerable Privileges
