Empire runas module throws Access Denied error #1184
Comments
Tried using CredID only as well, by unsetting username, password & domain. However, that doesn't work either.
Having the same issue as here too: #885. Can't get PTH to adopt the new rights either. The new process is created using the original user. The account that I'm using is DA. Trying to impersonate a lower priv domain user account.
Tried runas, PTH, etc. on another compromised server (Windows Server 2008 R2) and the commands are working as expected. But on the Domain Controller (Windows Server 2008 R2) runas, spawnas, PTH, steal_token don't work as expected for some reason:
Tried this on Windows 7 Professional too, original session of DA. None of the above worked and could not impersonate another domain user. Very inconsistent results for some reason with the above modules. Any assistance or pointers would be awesome. Thanks.
On system where it worked: RDP -> Opened CMD.exe -> ran launcher script -> then from there used runas, PTH as usual -> WORKED. On systems where it didn't work: RDP -> Opened CMD.exe -> ran launcher script -> used invoke-wmi to connect to another host -> ran runas, PTH, etc. -> FAILED.
Also noticed when running pth, impersonation is set to No ("impers. : no"). Also tried switching to processes with debug + impersonate privileges. This makes the runas command work (no errors shown); however, when I run runas, the process is never created and I can't see it using tasklist, and as such can't use steal_token to migrate to it. Not really sure what the issue could be. Any help would be appreciated. Thanks.
Hello, need time to perform some debugging on my lab.
Any update on this? Thanks.
Hey, 🌻
Thanks. Unsure what to do at this point.
Empire Version
Latest version of Empire
OS Information (Linux flavor, Python version)
Ubuntu 18.04
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
Error in runas: Exception calling "Start" with "1" argument(s): "Access is denied"
Screenshot of error, embedded text output, or Pastebin link to the error
Any additional information
The runas module fails with an "Access is denied" error message.
The username, domain and password are correct and I unset the CredID. I also manually verified by RDPing into the host and running runas /user:domain\username notepad.exe locally. This works, but the module does not.