You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.
Host: Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux
Target machine: Windows 8.1 with patches up to 2014 November.
Mimikatz 2.1
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
Screenshot of error, embedded text output, or Pastebin link to the error
The cmd.exe that is executed does not adopt new user rights.
Any additional information
I have tried PTH with the built in modules in Empire and by executing the commands with domain administrator and NT SYSTEM on target machine. Using the module imported from Invoke-Mimikatz.ps1.
Invoke-mimikatz seems to work. But if I use PTH it will create a process with the original user rights.
Under mimikatz tokens it shows:
I have cropped the domain just in case.
The Creds are there. But the original system rights are used.
I will link the two previous posts on this just in case. #884 #873
The text was updated successfully, but these errors were encountered:
CryptomaticSquirrel
changed the title
Pass-The-Hash opens the process under original rights.
Pass-The-Hash opens the process under original user rights.
Dec 25, 2017
It seems it was working the whole time. Unlike MSF the rights are not adopted. I have to steal the right from the new process created by mimikatz PTH.
After this, the console still reports back the original user rights of the agent. So I assumed the new rights I tried to get were not transferred. But if I use the process with the stolen rights I can move laterally in the network.
Empire Version
2.3
OS Information (Linux flavor, Python version)
Host: Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux
Target machine: Windows 8.1 with patches up to 2014 November.
Mimikatz 2.1
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
Screenshot of error, embedded text output, or Pastebin link to the error
The cmd.exe that is executed does not adopt new user rights.
Any additional information
I have tried PTH with the built in modules in Empire and by executing the commands with domain administrator and NT SYSTEM on target machine. Using the module imported from Invoke-Mimikatz.ps1.
Invoke-mimikatz seems to work. But if I use PTH it will create a process with the original user rights.
Under mimikatz tokens it shows:
I have cropped the domain just in case.
The Creds are there. But the original system rights are used.
I will link the two previous posts on this just in case.
#884
#873
The text was updated successfully, but these errors were encountered: