Skip to content

Fake users get picked up by mimikatz #1860

New issue
New issue
Closed
#1902
Closed
Fake users get picked up by mimikatz#1860
#1902
Labels
BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.
@VakarisZ

Description

@VakarisZ
VakarisZ
opened on Apr 5, 2022

Describe the bug

New users created for PBA's via AutoNewWindowsUser get picked up by mimikatz. This means that either user traces are left somewhere in credetial caches or the user isn't properly deleted. Either way this results in a ton of useless credentials added to configuration.

To Reproduce

Steps to reproduce the behavior:

  1. Run monkey multiple times with PBA's enabled on windows
  2. Check config - a lot of bogus users got added

Expected behavior

Users created by monkey should be removed without leaving traces OR shouldn't be added to config

Tasks

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions