Attacking Enterprise Networks - Lateral Movement

easydor · October 15, 2022, 6:39pm

Hi, on MS01 machine, I added ilfserveradm to local administrators group, but I am unable to get “privilege::debug” “OK” with mimikatz.

This is the error I get:

mimikatz # token::elevate
Token Id  : 0
User name :
SID name  : NT AUTHORITY\SYSTEM


mimikatz # privilege::debug
ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061

mimikatz #

Any suggestion? Thankyou!

Mentally6 · December 9, 2022, 6:36am

Did you solve it? I am stuck at the same place.

sisobe · January 21, 2023, 6:37pm

worked for me neither, but

try using netcat with the bat.file

it will work

estoscar · April 18, 2023, 1:47pm

If anyone else has same issue, you need to logout then back in.

ishsome · June 3, 2023, 5:41pm

I am performing all the steps mentioned to add ilfserveradm to administrators group but it is not working. Can please someone help?

fugatu · June 8, 2023, 9:30am

Hey guys i got the admin and everything but i m stuck with the last flag i imported inveigh but when i execute it i keep getting the following error :

PS C:\tmp\Inveigh> Import-Module .\Inveigh.ps1
Import-Module .\Inveigh.ps1
PS C:\tmp\Inveigh> Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
Invoke-Inveigh -ConsoleOutput Y -FileOutput Y
[*] Inveigh 1.506 started at 2023-06-08T03:45:44
[+] Elevated Privilege Mode = Enabled
[+] Primary IP Address = 172.16.8.50
[+] Spoofer IP Address = 172.16.8.50
[+] ADIDNS Spoofer = Disabled
[+] DNS Spoofer = Enabled
[+] DNS TTL = 30 Seconds
[+] LLMNR Spoofer = Enabled
[+] LLMNR TTL = 30 Seconds
[+] mDNS Spoofer = Disabled
[+] NBNS Spoofer = Disabled
[+] SMB Capture = Enabled
[+] HTTP Capture = Enabled
[+] HTTPS Capture = Disabled
[+] HTTP/HTTPS Authentication = NTLM
[+] WPAD Authentication = NTLM
[+] WPAD NTLM Authentication Ignore List = Firefox
[+] WPAD Response = Enabled
[+] Kerberos TGT Capture = Disabled
[+] Machine Account Capture = Disabled
[+] Console Output = Full
[+] File Output = Enabled
[+] Output Directory = C:\tmp\Inveigh
WARNING: [!] Run Stop-Inveigh to stop
[*] Press any key to stop console output
Cannot see if a key has been pressed when either application does not have a console or when console input has been 
redirected from a file. Try Console.In.Peek.
At C:\tmp\Inveigh\Inveigh.ps1:6365 char:20
+                 if([Console]::KeyAvailable)
+                    ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException

I looked for what causes the issue but i can’t find anything helpful