daem0nc0re / PrivFu

Kernel mode WinDbg extension and PoCs for token privilege investigation.
BSD 3-Clause "New" or "Revised" License

Revoking "Impersonate" revokes "Tcb" instead #2

Open jsdhasfedssad opened 1 year ago

jsdhasfedssad commented 1 year ago

Hi,

I am testing your tool and have stumbled onto what I think is an error. When I try to revoke "Impersonate/SeImpersonatePrivilege" your tool revokes "Tcb/SeTcbPrivilege" instead. I am executing this using an elevated CMD on a DC.

(attached screenshot: userrightsutil)

daem0nc0re commented 1 year ago

Thanks for reporting! I will handle it as soon as possible.

daem0nc0re commented 1 year ago

I tested on a Domain Controller (Windows Server 2019) but failed to replicate your situation :( As far as I can see, there is nothing suspicious in my code. So I don't seem to be able to do much more than this, but if you have any additional information, please let me know.

(attached screenshot: Untitled)

jsdhasfedssad commented 1 year ago

Strange... Why does it fail for me then?

I tested again using a different account and this time I tried to revoke "IncreaseWorkingSet" instead. Your tool attempts to yet again revoke "Tcb" instead but this time that fails. My DC is also running 2019.

Is there a debug or verbose flag I can use?

(attached screenshot: userrightsutil2)

daem0nc0re commented 1 year ago

This tool converts your input with the following function. So you can test it by inserting Console.WriteLine(right); before the if statement and Console.WriteLine(userRight.ToString()); before return true;. But this simply compares input strings, and I have no idea why the conversion fails in your environment.

https://github.com/daem0nc0re/PrivFu/blob/cd2d0fb396ac2371ce05ad024eddf29d9177305d/UserRightsUtil/UserRightsUtil/Handler/Execute.cs#L61