LeechCore icon indicating copy to clipboard operation
LeechCore copied to clipboard
verified publisher icon ufrisk

leechagent.exe with local authentication

Open Frogsecurity opened this issue 1 year ago • 3 comments

Good Afternoon,

does leechagent.exe support the ability to remotely install using credentials of a local administrative account?

Frogsecurity avatar Aug 07 '24 21:08 Frogsecurity

Currently it only supports installing from the current user context, but I can add support for local accounts.

ufrisk avatar Aug 09 '24 18:08 ufrisk

that would be awesome if you have time! I currently would like to deploy this agent using a local administrator account present on the target machine.

Frogsecurity avatar Aug 09 '24 20:08 Frogsecurity

I'll look into it, but unfortunately it may be some time off before I'm able to find the time for it since I have a couple of projects I'd have to finish up first.

ufrisk avatar Aug 21 '24 20:08 ufrisk

This should now work with ntlm authentication.

memprocfs -device pmem -remote rpc://ntlm:remotehost:user=administrator

ufrisk avatar Oct 04 '25 18:10 ufrisk