This PR adds supports for the createnetonly and S4U commands to automatically import a ticket into the logon session of a new net only process. This uses the fact that if you import the ticket while impersonating the new process' token the LSA will importing it to the new session rather the caller's current session. This allows simple one shot creation of a new process with the new ticket without TCB privileges.
0xe7
commented
2 years ago
This PR adds supports for the
createnetonlyandS4Ucommands to automatically import a ticket into the logon session of a new net only process. This uses the fact that if you import the ticket while impersonating the new process' token the LSA will importing it to the new session rather the caller's current session. This allows simple one shot creation of a new process with the new ticket without TCB privileges.