Hi,
I am having an issue with Windows 10 1809. On previous versions of Windows it works like a charm.
I am running cmd as a user with SeImpersonatePrivilege:
c:\>whoami
nt authority\local service
c:\>whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeSystemtimePrivilege         Change the system time                    Disabled
SeShutdownPrivilege           Shut down the system                      Disabled
SeAuditPrivilege              Generate security audits                  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeUndockPrivilege             Remove computer from docking station      Disabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set            Disabled
SeTimeZonePrivilege           Change the time zone                      Disabled
When I run RottenPotato it keeps waiting for Auth indefinitely. After some debugging I realized that the triggerDCOM instruction:
HRESULT status = CoGetInstanceFromIStorage(NULL, &clsid, NULL, CLSCTX_LOCAL_SERVER, t, 1, qis);
returns an error saying "The RPC server is unavailable" (0x800706ba). If I try to connect to port 135 or 6666 using telnet, it connects with no problem. With Wireshark I don't see anything on port 6666 or 135.
I assume something changed between 1803 and 1809, and it seems related to the IStorageTrigger MarshalInterface and how it is handled, since it contains the IP and port of the local proxy (i.e. 127.0.0.1 6666) the DCOM object is supposed to connect to. Any ideas?
Thanks!