Closed CacheMeNot closed 2 years ago
Hey!
I'm glad you are trying to suborn Windows 😄
I have not implemented a privesc from Admin to SYSTEM just yet. Probably I'll implement a duplication of the LSASS process token to jump from Admin to System automatically (but I think this may alert some EDRs).
For now, you may want to run it on a SYSTEM session (e.g. psexec -s -i cmd.exe).
Hey, thank you for your prompt reply and explanation. But am I doing anything wrong here that's causing it not to work? I'm trying to run this from an Admin account with an elevated shell as demonstrated by you in the YouTube video.
Edit: I just tried it with the latest Win 11 ISO, and it gives me the same error saying that I need system privileges, even though I have system privileges. :/
Hey!
Long story short: you need to be SYSTEM. Try getting a shell prompt as SYSTEM (e.g. psexec, msfconsole, Empire) and run it from it. The demo you saw was running a shell session as SYSTEM, not admin.
Let me know if you make it work :)
Hey Sebastian! I was trying out your tool on a VM running Win10 20H2 and was unable to get it to work. Is this tool for Win11 only?