DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation

Posted on 11 September 2020

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLMSYSTEMCurrentControlSetServicesDNSParameters named ServerLevelPluginDll that can be made to point to an arbitrary DLL.