So I wanna see some writeups for Windows boxes. On *nix I can get root and just cat /etc/shadow for the token.
Windows is a different story; the AV or PS AMSI is a pain in the ■■■.
Just wondering how you guys are getting the token for Windows boxes. Getting an Invoke-mimikatz.ps1 or mimi.exe on the machines is almost impossible before it gets blocked. What are you guys doing post admin/root flag to get the tokens to see some writeups? Thanks
Sir… Just tried that on a fully patched Windows 2019 server. GENIUS idea.
Seems so simple compared to using complicated DLL patching to get AMSI to stop or using tools encoded so their hash doesn't trip AV. Where were you 30+ machines ago?