No Tokens
Hi!
I'm trying to replicate the token impersonation. I tried on 3 different machines and got the same result: no token at all. I also tried using the CrackMapExec module and got the same result.
Here are some pictures.
Machine No. 1 DC01



systeminfo
Host Name: DC01
OS Name: Microsoft Windows Server 2019 Standard
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00429-00521-62775-AA135
Original Install Date: 7/13/2022, 1:51:51 PM
System Boot Time: 11/7/2022, 5:19:04 AM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
BIOS Version: VMware, Inc. VMW71.00V.16707776.B64.2008070230, 8/7/2020
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-06:00) Central Time (US & Canada)
Total Physical Memory: 4,095 MB
Available Physical Memory: 2,380 MB
Virtual Memory: Max Size: 6,655 MB
Virtual Memory: Available: 4,809 MB
Virtual Memory: In Use: 1,846 MB
Page File Location(s): C:\pagefile.sys
Domain: inlanefreight.htb
Logon Server: \\DC01
Hotfix(s): 5 Hotfix(s) Installed.
[01]: KB5009472
[02]: KB4535680
[03]: KB4589208
[04]: KB5010427
[05]: KB5009642
Network Card(s): 2 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet1
Status: Hardware not present
[02]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet0 2
DHCP Enabled: Yes
DHCP Server: 10.129.0.1
IP address(es)
[01]: 10.129.203.121
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Machine No. 2

systeminfo
Host Name: DESKTOP-MFERMN4
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19044 N/A Build 19044
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00330-80000-00000-AA982
Original Install Date: 6/19/2020, 11:47:17 AM
System Boot Time: 10/18/2022, 3:20:29 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 23 Model 113 Stepping 0 AuthenticAMD ~3793 Mhz
BIOS Version: VMware, Inc. VMW71.00V.18452719.B64.2108091906, 8/9/2021
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-04:00) Georgetown, La Paz, Manaus, San Juan
Total Physical Memory: 8,191 MB
Available Physical Memory: 4,454 MB
Virtual Memory: Max Size: 11,135 MB
Virtual Memory: Available: 5,981 MB
Virtual Memory: In Use: 5,154 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: N/A
Hotfix(s): 25 Hotfix(s) Installed.
[01]: KB5017262
[02]: KB4534170
[03]: KB4537759
[04]: KB4545706
[05]: KB4560366
[06]: KB4561600
[07]: KB4566785
[08]: KB4570334
[09]: KB4577266
[10]: KB4577586
[11]: KB4580325
[12]: KB4584229
[13]: KB4589212
[14]: KB5003791
[15]: KB5012170
[16]: KB5018410
[17]: KB5006753
[18]: KB5007273
[19]: KB5011651
[20]: KB5014032
[21]: KB5014035
[22]: KB5014671
[23]: KB5015895
[24]: KB5016705
[25]: KB5005699
Network Card(s): 2 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet0
DHCP Enabled: Yes
DHCP Server: 192.168.49.254
IP address(es)
[01]: 192.168.49.203
[02]: fe80::1c37:a16f:1336:d524
[02]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet1
Status: Hardware not present
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Please let me know if I can provide more information.
Best regards!
I tried with the exe, and the first run doesn't show the tokens. The second run shows them. Try it :-)
I tried many times, but I still got the same issue; that's why I decided to compile the binary instead of using the CME module.


This is indeed very strange. You're the second person to tell me that; however, I have no idea, as of now, why there is no token.
Are there special GPOs on your AD?
No, just a default domain. I tried on a machine without a DC, my personal computer, and I got the same result.
I'm sorry but I can't reproduce this behaviour. I have installed a new Windows 10 Pro, fully updated, Defender updated as well, and it does work :/
Hi, I'm experiencing the same issue. The compiled version in Debug mode shows this error. Not sure if it's relevant though :)

That one is interesting: it implies that the secured string copy fails because of a buffer being too small. However, I have no idea how it is possible. I might push a debug version on this repo and ask you guys to help me since I can't reproduce the issue.
Is that OK for you?
sure
Hey hey! For information I have been able to reproduce the bug on a Windows Pro N version. So I'll take a deeper look and try to hack something :P !
Just a quick update to let you know I have patched the bug and upgraded the binary in the meantime. I'll publish a PR as soon as possible with an update on the blog post :) !
With the update you will hopefully be able to list all tokens and now you can even see their integrity in order to choose the most important ones:

I still have to patch the CME module tho. Let me know if you still have issues :)!