DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
Posted on 11 September 2020
This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLMSYSTEMCurrentControlSetServicesDNSParameters named ServerLevelPluginDll that can be made to point to an arbitrary DLL.