MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent
BSD 3-Clause "New" or "Revised" License

printspoofer fails? #17

Closed trickster0 closed 3 years ago

trickster0 commented 3 years ago

Hello,

I have been trying to execute PrintSpoofer from a Domain Admin context on a domain-joined host to launch notepad with SYSTEM privileges, as seen in the screenshot, or my .bat, which will execute the Apollo payload to get a reverse shell, but it seems to fail with error 5 (aka access denied). Not sure why... It does say the named pipe is listening... Maybe because the SMB beacons are not released yet?


djhohnstein commented 3 years ago

No, what you're seeing is the output from this project here: https://github.com/itm4n/PrintSpoofer. I see that you're executing from a medium integrity callback, but the file you're attempting to execute exists outside of your user's home directories. Ensure that the file C:\Users\user\Downloads\file.bat is world-readable by all users before attempting to execute it

trickster0 commented 3 years ago

Hmm, yes, I just realized. Interesting: this is a Domain Admin account and it can read that file. It seems I am indeed in medium integrity. How would you recommend elevating to high integrity through Mythic, since I was expecting to do this with PrintSpoofer? I verified that the administrator DA account can indeed read the file.

djhohnstein commented 3 years ago

If you are in the local Administrators group, you can bypass UAC using the bypassuac command. Otherwise, I'm assuming there's some error actually launching the .bat file (via file handlers or otherwise). You can ensure the printspoofer command is working by changing your command (to something like powershell.exe, for example), and if that works, you could try toying with exactly the right command to run. Going to close this issue for the time being, and for further questions you can forward them to the #mythic channel in the BloodhoundGang Slack, which can be joined here: https://bloodhoundgang.herokuapp.com/
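The two replies above turn on facts about the calling context: whether the callback is medium integrity, whether the account is in the local Administrators group (so that bypassuac applies), and whether the .bat is readable by more than its owner. The following triage script, added here as an example and not part of Apollo, PrintSpoofer, or either commenter's message, reports those facts from the same context the PrintSpoofer attempt ran in; it assumes the file path quoted in the thread and that the agent can run a PowerShell task. It also reports SeImpersonatePrivilege, which PrintSpoofer relies on and which UAC strips from a medium integrity token, so an access-denied result from a filtered admin token is expected rather than a bug.

```powershell
# Added triage script; not part of Apollo or PrintSpoofer. Run it in the same
# context as the failing PrintSpoofer attempt (e.g. through the agent's
# PowerShell task). Assumption: the .bat path is the one quoted in the thread.
$target = 'C:\Users\user\Downloads\file.bat'
$user   = whoami

# whoami's CSV output is easy to parse; columns are documented by whoami /?.
#   /groups: "Group Name","Type","SID","Attributes"
#   /priv  : "Privilege Name","Description","State"
$groups = whoami /groups /fo csv | ConvertFrom-Csv
$privs  = whoami /priv   /fo csv | ConvertFrom-Csv

# 1. Integrity level from the token's mandatory label SID (S-1-16-<RID>).
$label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
$rid   = [int]($label.SID -replace '^S-1-16-', '')
$level = switch ($rid) {
    4096    { 'Low' }
    8192    { 'Medium' }
    12288   { 'High' }
    16384   { 'System' }
    default { "Unknown ($rid)" }
}

# 2. Local Administrators membership (BUILTIN\Administrators, S-1-5-32-544).
#    Under UAC a medium integrity token still lists the group, but marked
#    "Group used for deny only"; that is the case the bypassuac command targets.
$admins   = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1
$inAdmins = $null -ne $admins
$filtered = $inAdmins -and ($admins.Attributes -like '*deny only*')

# 3. SeImpersonatePrivilege is required for PrintSpoofer-style named pipe
#    impersonation. The UAC-filtered token does not carry it, so PrintSpoofer
#    fails from a medium integrity callback even for a Domain Admin.
$hasImpersonate = @($privs | Where-Object { $_.'Privilege Name' -eq 'SeImpersonatePrivilege' }).Count -gt 0

# 4. Which broad principals can read the .bat? Lists Allow ACEs granting read
#    to Everyone, BUILTIN\Users or Authenticated Users.
$broadReaders = @()
$exists = Test-Path -LiteralPath $target
if ($exists) {
    $acl = Get-Acl -LiteralPath $target
    $broadReaders = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Everyone|BUILTIN\\Users|Authenticated Users' -and
        $_.FileSystemRights -match 'Read|FullControl'
    } | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
}

[PSCustomObject]@{
    User                   = $user
    IntegrityLevel         = $level
    InLocalAdministrators  = $inAdmins
    AdminGroupDenyOnly     = $filtered
    SeImpersonatePrivilege = $hasImpersonate
    TargetExists           = $exists
    BroadReadAccess        = ($broadReaders -join '; ')
}
```

Reading the output: IntegrityLevel Medium with AdminGroupDenyOnly True means the account is a local administrator running under a filtered token, which is the situation where bypassuac is the right next step; SeImpersonatePrivilege False in the same output explains the PrintSpoofer access-denied error on its own. BroadReadAccess shows whether the .bat grants read to anyone beyond the owner, which is the check the first reply asks for.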