infosecn1nja
/
Seatbelt
mirror of https://github.com/infosecn1nja/Seatbelt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated LSASettings to detect restricted admin mode 

Updated the output formatter in the LSASettings command to detect if restricted admin mode is enabled
master
harmj0y 2020-05-29 11:26:03 -07:00
parent 8096cbfaf9
commit d3de731cee
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Seatbelt/Commands/Windows/LocalSecurityAuthorityCommand.cs
View File

@ -80,6 +80,11 @@ namespace Seatbelt.Commands.Windows
{ {
WriteLine(" [*] LSASS Protected Mode is enabled! You will not be able to access lsass.exe's memory easily."); WriteLine(" [*] LSASS Protected Mode is enabled! You will not be able to access lsass.exe's memory easily.");
} }
if (dto.Key.Equals("DisableRestrictedAdmin", System.StringComparison.InvariantCultureIgnoreCase) && dto.Value == "0")
{
WriteLine(" [*] RDP Restricted Admin Mode is enabled! You can use pass-the-hash to access RDP on this system.");
}
} }
} }
} }