| skipped 13 lines |
14 | 14 | | This module run a wmic /node:[ip] command in order to launch commands on a remote windows system. |
15 | 15 | | This will result in a lateral movement if shared credentials are known. |
16 | 16 | | |
17 | | - | Note that if you use local users credentials you should ensure that, on the target server, the feature |
18 | | - | "LocalAccountTokenFilterPolicy" is disabled. |
| 17 | + | Note that if you use local admin credentials you should ensure that, on the target server, the feature |
| 18 | + | "LocalAccountTokenFilterPolicy" is disabled. (except for builtin Administrator) |
19 | 19 | | To disable that you need to add the following regkey with the value of 1: |
20 | 20 | | |
21 | 21 | | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy |
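Review bot: the reworded note still says the "LocalAccountTokenFilterPolicy" feature should be "disabled", while the very next sentence and the `reg add` command below set that value to 1, so the two statements read as contradictory to anyone who does not already know that a value of 1 switches off the remote token filtering. Suggest phrasing it as "ensure that UAC remote restrictions are disabled on the target, which is done by setting the LocalAccountTokenFilterPolicy value to 1", and fold the new "(except for builtin Administrator)" into the sentence instead of appending it after the full stop, e.g. "This does not apply to the built-in Administrator account." Also, "regkey with the value of 1" describes a registry value rather than a key; "registry value" is the accurate term here.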
| skipped 2 lines |
24 | 24 | | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f |
25 | 25 | | |
26 | 26 | | If you use domain users for the lateral movement, no restrictions to the process token will be applied. |
27 | | - | Remember to always specify the domain in the username field. If you use a local account use |
| 27 | + | Remember to always specify the domain in the username field. If you use a local account use the machine name as the domain. |
28 | 28 | | |
29 | 29 | | This module uses WMI builtin features wmi and doesn't need additional files to be droppend on the target |
30 | 30 | | server. |
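Review bot: the completed sentence "If you use a local account use the machine name as the domain." fixes the truncated line, but it would be clearer in the same shape as the domain case just above it, e.g. "If you use a local account, put the target machine name in the domain field (MACHINENAME\user)." Since this paragraph is being touched anyway, the unchanged line two below still reads "WMI builtin features wmi" (duplicated "wmi") and has "droppend" for "dropped".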
| skipped 103 lines |