This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Pass-The-Hash opens the process under original user rights. #885

Closed
CryptomaticSquirrel opened this issue Dec 25, 2017 · 1 comment

@CryptomaticSquirrel

Empire Version

2.3

OS Information (Linux flavor, Python version)

Host: Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux
Target machine: Windows 8.1 with patches up to 2014 November.
Mimikatz 2.1

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

[two screenshots, not captured]

Screenshot of error, embedded text output, or Pastebin link to the error

The cmd.exe that is executed does not adopt new user rights.

Any additional information

I have tried PTH with the built-in modules in Empire and by executing the commands as domain administrator and NT SYSTEM on the target machine, using the module imported from Invoke-Mimikatz.ps1.

Invoke-Mimikatz seems to work. But if I use PTH it will create a process with the original user rights.

Under mimikatz tokens it shows (I have cropped the domain just in case):

[screenshot, not captured]

The Creds are there. But the original system rights are used.

I will link the two previous posts on this just in case.
#884
#873

@CryptomaticSquirrel CryptomaticSquirrel changed the title Pass-The-Hash opens the process under original rights. Pass-The-Hash opens the process under original user rights. Dec 25, 2017
@CryptomaticSquirrel (Author)

Solved...

It seems it was working the whole time. Unlike MSF, the rights are not adopted. I have to steal the rights from the new process created by mimikatz PTH.
After this, the console still reports back the original user rights of the agent. So I assumed the new rights I tried to get were not transferred. But if I use the process with the stolen rights I can move laterally in the network.
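Added note, not part of the thread and not Empire or Mimikatz code: what the reporter saw matches how Windows records a NewCredentials (logon type 9) logon, where the caller's token is cloned with new credentials that are used only for outbound network authentication, so the local identity of the process stays the same. The Python below, with constructed sample 4624 records, shows how a defender would pick those logons out of the Security log; the field names are standard 4624 fields, while the flattened log format, user names and process paths are assumptions.

```python
import re

# Constructed sample of Windows Security 4624 (logon) records flattened to
# one key=value line per event. These are not events from the reporter's lab.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=2 LogonProcessName=User32 AuthenticationPackageName=Negotiate SubjectUserName=- TargetUserName=alice ProcessName=C:\\Windows\\System32\\winlogon.exe
EventID=4624 LogonType=9 LogonProcessName=Advapi AuthenticationPackageName=Negotiate SubjectUserName=alice TargetUserName=svc_deploy ProcessName=C:\\Windows\\System32\\svchost.exe
EventID=4624 LogonType=9 LogonProcessName=seclogo AuthenticationPackageName=Negotiate SubjectUserName=alice TargetUserName=da_backup ProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
EventID=4624 LogonType=3 LogonProcessName=NtLmSsp AuthenticationPackageName=NTLM SubjectUserName=- TargetUserName=bob ProcessName=-
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Turn one flattened key=value record into a dict (empty for blank lines)."""
    return dict(FIELD_RE.findall(line))


def is_netonly_logon(ev: dict) -> bool:
    """Logon type 9 (NewCredentials): the caller cloned its own token and
    attached different credentials for outbound network use only. The local
    identity is unchanged, which is why the agent still reports the old user."""
    return ev.get("EventID") == "4624" and ev.get("LogonType") == "9"


def is_pth_style_logon(ev: dict) -> bool:
    """Type 9 logons made through runas /netonly show LogonProcessName=Advapi.
    A type 9 logon whose logon process is 'seclogo' with the Negotiate package
    is the pattern Mimikatz's pass-the-hash injection leaves behind."""
    return (
        is_netonly_logon(ev)
        and ev.get("LogonProcessName", "").lower() == "seclogo"
        and ev.get("AuthenticationPackageName", "").lower() == "negotiate"
    )


def find_pth_style_logons(log_text: str) -> list:
    """Return (original user, injected user, calling process) for each hit."""
    hits = []
    for ev in map(parse_event, log_text.splitlines()):
        if ev and is_pth_style_logon(ev):
            hits.append((ev["SubjectUserName"], ev["TargetUserName"], ev["ProcessName"]))
    return hits


if __name__ == "__main__":
    for subject, target, proc in find_pth_style_logons(SAMPLE_EVENTS):
        print(f"pass-the-hash style logon: {subject} -> {target} via {proc}")
```

The SubjectUserName in a hit is the account the agent already runs as, and TargetUserName is the account whose hash was injected, which is the same split between local identity and network credentials the reporter describes.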
