To get the hashes, I used a fake hash generator because I do not want to show the real hashes stored on the system live. Basically, the fake hash generator is just a Python script with a few print commands. You can find both in this repository: the Python script and the Windows executable.
In this section you can find all of my HID scripts from the demonstration at GPN21 except:
- WIN-A02--DisableDefender.js
- WIN-B01--PrivilegEscalation-Admin.js
- WIN-D01--PrivilegEscalation-System.js
- WIN-D03--Payload-DumpHashes.js
- WIN-X99--ReactivateDefender.js
Even though these are only keystrokes, they are potentially dangerous.
The slides shown during the talk.
Thanks to @mame82 for P4wnP1 and P4wnP1 A.L.O.A.
The scripts I used to demonstrate possible solutions. Just for information - they are useless without the correct environment.