From b684da050ad6a9b91ae1afc6caaf3faf54c38f72 Mon Sep 17 00:00:00 2001
From: clymb3r
Date: Wed, 12 Feb 2014 13:52:41 -0800
Subject: Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. Added a check to ensure the script isn't being run from Session0 with the "NewWinLogon" flag. This flag does not work in Session0 because winlogon.exe tries to load stuff from user32.dll which requires a desktop is present. This is not possible in Session0 because there is no desktop/GUI, so it causes winlogon to load and then immediately close with error code c0000142 indicating a DLL failed to initialize. There is no way to fix this that I know of, if you need to run the script from Session0 use the "ExistingWinLogon" flag.
---
Exfiltration/Exfiltration.psd1 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Exfiltration/Exfiltration.psd1')
diff --git a/Exfiltration/Exfiltration.psd1 b/Exfiltration/Exfiltration.psd1
index aaddba1..28dbcab 100644
--- a/Exfiltration/Exfiltration.psd1
+++ b/Exfiltration/Exfiltration.psd1
@@ -75,7 +75,7 @@ ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID =
 # List of all files packaged with this module
 FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Out-Minidump.ps1', 'Get-Keystrokes.ps1', 'Get-GPPPassword.ps1', 'Usage.md', 'Invoke-Mimikatz.ps1',
- 'Invoke-NinjaCopy.ps1', 'Invoke-TokenManipulation.ps1', 'Inject-LogonCredentials.ps1'
+ 'Invoke-NinjaCopy.ps1', 'Invoke-TokenManipulation.ps1', 'Invoke-CredentialInjection.ps1'
 # Private data to pass to the module specified in RootModule/ModuleToProcess
 # PrivateData = ''
-- cgit v1.2.3