With the use of Mimikatz and WCE, clear text passwords are much more common. What isn’t always there is the user. They take lunches, go home at a reasonable time and generally aren’t really appreciative of our (pentester/red teamer)’s schedule.
A straight forward way, and provided by Microsoft to create a process as a user (whereby having their token readily available is using ‘runas.exe’:
w00t, we the user is present, we can migrate our meterepreter session into that notepad and we’re good right?![]()
![]()
![]()
![]()
![]()
↧
