freefirex
commented
1 year ago Tracked this down and got it fixed, thanks for the report!
Closed Octoberfest7 closed 1 year ago
freefirex
commented
1 year ago Tracked this down and got it fixed, thanks for the report!
Octoberfest7
commented
1 year ago Great, thanks so much for your work!
I have experienced an issue using the wmi_query as well as the tasklist BOF in which trying to use either BOF on a remote machine with a token created using make_token returns Access Denied.
In a beacon running as the user DA ( a Domain Admin in the network) I am successfully able to use the wmi_query and tasklist BOFs remotely.
In a beacon running as SYSTEM, I use make_token with DA's creds. I am successfully able to use the created token, as demonstrated by doing a ls \dev-dc\c$ as well as using shell wmic ...
I am unable however to use wmi_query or tasklist remotely, receiving an Access Denied error. I'm running CobaltStrike version 4.7.2 and have confirmed this using the latest branch of CS-Situational-Awareness-BOF