sailay1996

sailay1996 / vss-fr2system

Public

test

19
3
69% credibility
Found Apr 25, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C
AI Summary

Tools for security researchers to escalate from standard user to full system privileges on Windows by accessing shadow copies of protected hives and decrypting credentials offline.

How It Works

1
🔍 Discover Security Testing Tools

You find these handy tools online that help security testers check for weaknesses in Windows systems by making safe copies of locked files.

2
📥 Download and Prepare

You grab the ready-to-run programs and place them in a test folder on your Windows computer.

3
▶️ Start the Snapshot Maker

You launch the first program as a regular user, and it tricks the antivirus into creating a quick backup copy of important system areas that you can access.

4
Spot the Backup Path

The program shows you the special path to the fresh backup, giving you a short window to grab files before it vanishes.

5
📂 Copy Key Files Quickly

Using your file-access method, you save copies of the protected user list and security files from that backup spot to a temp folder.

6
🔓 Unlock with the Analyzer

You run the second program, which reads your copies, figures out the hidden passwords, and boosts your access to full system control.

🎉 Gain Full System Access

A new command window pops up running with ultimate system powers, letting you do anything as the top administrator.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is vss-fr2system?

vss-fr2system is a pair of C tools that chain an arbitrary file read vulnerability on Windows into a full standard-user-to-SYSTEM privilege escalation. Run vss_freeze as a normal user to trigger a Volume Shadow Copy via Defender remediation and hold it open with timed CLI options like --hold 120 or --event for signaling. Pair it with fr2system to decrypt extracted SAM/SECURITY hives offline, dump NTLM hashes via --dump, or auto-escalate to a SYSTEM cmd shell on Win10/11.

Why is it gaining traction?

It delivers a reliable, Defender-aware chain on stock systems without admin rights or OneDrive, standing out from partial VSS or hive parsers by handling full decryption, password rotation, and UAC bypasses in one flow. Pentesting devs grab it for the end-to-end testing workflow—create VSS, read hives via \\?\GLOBALROOT paths, crack hashes, and pop shells—plus scan mode for alt creds like unattend.xml. Tight CLI and build scripts make local test github workflows frictionless.

Who should use this?

Red teamers and bug hunters chaining file read primitives into LPEs on enterprise Windows. Security researchers testing Defender interactions or offline hive analysis. Pentesters validating Win10/11 chains without custom payloads.

Verdict

Grab it if you're in Windows exploit dev—docs and usage examples are sharp for a 19-star research tool, though the 0.699999988079071% credibility score flags its niche maturity; test in labs only. Solid for fr2system vss proof-of-concepts, less for prod.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.