SeImpersonatePrivilege / SeAssignPrimaryTokenPrivilege

GodPotato

SeManageVolumePrivilege

<aside>

SeManageVolumeExploit.exe grants full permissions on the C:\ drive to all users on the machine.

<https://medium.com/@raphaeltzy13/exploiting-semanagevolumeprivilege-with-dll-hijacking-windows-privilege-escalation-1a4f28372d37>

# <https://github.com/CsEnox/SeManageVolumeExploit>

# From Releases
SeManageVolumeExploit.exe

Upload SeManageVolumeExploit.exe to the target and execute it. After execution, the BUILTIN\Users group has full permissions on the Windows folder.

</aside>

SeBackupPrivilege

Lets the holder read any file on the system regardless of its ACL (the read is performed with backup semantics). Attackers can use it to dump sensitive files such as the SAM and SYSTEM registry hives.

SeRestorePrivilege

Grants the ability to write to any file or registry key regardless of the configured permissions. Hence, it can be abused to overwrite critical system files or registry settings.

SeDebugPrivilege

Allows the account to attach a debugger to, and read the memory of, any process. As a result, an attacker can use the privilege to dump LSASS memory and extract credentials, or to inject code into privileged processes.
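As an added audit helper (not code from the page or from any of the tools named above), the following PowerShell lists which of the privileges discussed here are present on the current token and which accounts hold them system-wide. It assumes a Windows host with whoami.exe and secedit.exe on PATH; the policy export requires administrative rights.

```powershell
# Added audit helper (not from the page): report which of the privileges
# discussed above are present on the current token, and who holds them locally.
$sensitive = @(
    'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege',
    'SeManageVolumePrivilege', 'SeBackupPrivilege',
    'SeRestorePrivilege', 'SeDebugPrivilege'
)

function Get-SensitiveTokenPrivilege {
    # whoami /priv /fo csv yields the columns "Privilege Name", "Description", "State"
    $privs = whoami /priv /fo csv | ConvertFrom-Csv
    foreach ($p in $privs) {
        if ($sensitive -contains $p.'Privilege Name') {
            [pscustomobject]@{
                Privilege = $p.'Privilege Name'
                State     = $p.State      # "Enabled" or "Disabled" on this token
            }
        }
    }
}

function Get-SensitivePrivilegeAssignment {
    # Export the local security policy and parse its [Privilege Rights] section,
    # which lists the SIDs/accounts assigned each user right (needs admin rights).
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg /quiet | Out-Null
    $lines = Get-Content $cfg
    Remove-Item $cfg -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^(Se\w+Privilege)\s*=\s*(.+)$' -and $sensitive -contains $Matches[1]) {
            [pscustomobject]@{
                Privilege = $Matches[1]
                Holders   = $Matches[2]   # e.g. *S-1-5-32-544 is BUILTIN\Administrators
            }
        }
    }
}

# Anything beyond the Administrators SID, or a service account holding
# SeImpersonate/SeDebug/SeBackup, is worth reviewing against least privilege.
Get-SensitiveTokenPrivilege | Format-Table -AutoSize
Get-SensitivePrivilegeAssignment | Format-Table -AutoSize
```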