
Automatically attempt to elevate permissions or add Get SYSTEM module #65

Closed
kildonan5 opened this issue May 23, 2019 · 3 comments

Comments

@kildonan5

kildonan5 commented May 23, 2019

Context

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Kali 2019.2
  • Python Version: Python 3.7.3rc1

ST Setup & resulting behavior

HTTPS Listener on 8080
MSBuild stager executed on Windows Server 2016 client, under the context of a domain user in the local administrators group
Module = ipy/mimikatz
run all

Output:

[+] f83a38c9-14fe-44ad-870f-2d70fc3e24e7 returned job result (id: LJpKMPve)
[-] Not in high integrity process

Expected Behavior

ST should attempt to elevate privileges to SYSTEM before running the Mimikatz and/or any LSASS-related modules. Alternatively, create a separate module (such as MSF 'get system') which would achieve this purpose.

Current Behavior

Even if the session is running under the context of a user in the administrators group, LSASS modules fail to execute (dump memory).
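The "Not in high integrity process" result above is the normal UAC split-token behaviour: a local administrator's interactive session runs at Medium integrity with the Administrators group marked deny-only, and LSASS access needs the elevated (High) token. The following PowerShell check, added here as an illustration and not part of SILENTTRINITY, reports both facts for the current process so an operator or analyst can tell "user is an admin" apart from "token is elevated" (the function name and output fields are assumptions of this example):

```powershell
# Added example (not SILENTTRINITY code): explain why a process owned by a local
# administrator can still be reported as "not high integrity" under UAC.
function Get-TokenIntegrityReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # Group membership: the Administrators SID (S-1-5-32-544) is present in the
    # token groups even when UAC has filtered it to deny-only.
    $isAdminMember = $identity.Groups.Value -contains 'S-1-5-32-544'

    # IsInRole only returns $true when the Administrators SID is *enabled* in the
    # token, i.e. when the process is elevated. Admin member + $false here is the
    # split-token (medium integrity) case the issue describes.
    $isElevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # The integrity level travels as a mandatory label SID (S-1-16-RID) in the
    # token groups; map the well-known RIDs to their names.
    $labelSid = $identity.Groups |
        Where-Object { $_.Value -like 'S-1-16-*' } |
        Select-Object -First 1
    $integrity = switch ($labelSid.Value) {
        'S-1-16-4096'  { 'Low' }
        'S-1-16-8192'  { 'Medium' }
        'S-1-16-12288' { 'High' }
        'S-1-16-16384' { 'System' }
        default        { "Unknown ($($labelSid.Value))" }
    }

    [pscustomobject]@{
        User             = $identity.Name
        IsAdminMember    = $isAdminMember
        IsElevated       = $isElevated
        IntegrityLevel   = $integrity
        # LSASS memory access requires the elevated token; a Medium-integrity
        # admin process fails exactly as shown in the issue output.
        CanExpectLsassAccess = ($isElevated -and $integrity -in @('High', 'System'))
    }
}

Get-TokenIntegrityReport | Format-List
```

Run it once from a normal PowerShell window and once from a "Run as administrator" window under the same account: IsAdminMember is $true in both, but IsElevated and IntegrityLevel change, which is the distinction the module output is reporting.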

@kildonan5 kildonan5 changed the title Run Mimikatz with elevated permissions Automatically attempt to elevate permissions or add Get SYSTEM module May 23, 2019
@b4cktr4ck2

b4cktr4ck2 commented May 24, 2019

Definitely would love to see an elevation of privilege module (via Process Injection, Token Impersonation, etc).

If there's any way I can assist I'd love to help out (testing, writing/porting the modules from Meterpreter)

@byt3bl33d3r
Owner

This was added in the newest update. Some changes are going to be needed to make it a bit more streamlined but the code is there.
Cheers

@kildonan5
Author

kildonan5 commented Oct 15, 2019

When you say this was added, do you mean a getsystem module/feature? I have not had a chance to test it again (I'm having trouble installing the dependencies) but watched your webinar, and when it came to dumping creds (minidump module), you got the error "not in a high integrity process".

At that point you said you 'cheated' and started the boo/winrm lateral movement module (to launch a stager on a separate machine that was already in a high integrity process?).

How do you move to a high integrity process (getsystem essentially) when you are not in a high integrity process (but the user is a local administrator)?
