You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have experienced an issue using the wmi_query as well as the tasklist BOF in which trying to use either BOF on a remote machine with a token created using make_token returns Access Denied.
In a beacon running as the user DA ( a Domain Admin in the network) I am successfully able to use the wmi_query and tasklist BOFs remotely.
In a beacon running as SYSTEM, I use make_token with DA's creds. I am successfully able to use the created token, as demonstrated by doing a ls \dev-dc\c$ as well as using shell wmic ...
I am unable however to use wmi_query or tasklist remotely, receiving an Access Denied error. I'm running CobaltStrike version 4.7.2 and have confirmed this using the latest branch of CS-Situational-Awareness-BOF
The text was updated successfully, but these errors were encountered:
Octoberfest7
changed the title
Remote wmi receives access deniued after using make_token
Remote wmi receives access denied after using make_token
Jan 28, 2023
I have experienced an issue using the wmi_query as well as the tasklist BOF in which trying to use either BOF on a remote machine with a token created using make_token returns Access Denied.
In a beacon running as the user DA ( a Domain Admin in the network) I am successfully able to use the wmi_query and tasklist BOFs remotely.
In a beacon running as SYSTEM, I use make_token with DA's creds. I am successfully able to use the created token, as demonstrated by doing a ls \dev-dc\c$ as well as using shell wmic ...
I am unable however to use wmi_query or tasklist remotely, receiving an Access Denied error. I'm running CobaltStrike version 4.7.2 and have confirmed this using the latest branch of CS-Situational-Awareness-BOF
The text was updated successfully, but these errors were encountered: