Process Injection (pi module)
You need at least local admin privilege on the remote target
The "pi" module accesses the process of a user with an active session on a Windows system using the Process Injection method to execute commands with the privileges of the target user (requires SYSTEM privileges).
It allows impersonating authorized domain users in Active Directory.
It works more stable for Server 2016/Win10 and above.
For more information on the creation of the pi
module, see the developer's blog post here: https://medium.com/@mehmetcantopal/development-and-implementation-of-the-pi-smb-module-for-netexec-crackmapexec-83eac92ded8f
Last updated