From 157f5002e6750d271a4e285b9b2da93041d4aaf8 Mon Sep 17 00:00:00 2001 From: LuemmelSec <58529760+LuemmelSec@users.noreply.github.com> Date: Tue, 14 Feb 2023 13:26:49 +0100 Subject: [PATCH 1/8] Update ComputerSessionProcessor.cs --- .../Processors/ComputerSessionProcessor.cs | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index 06d44fce..b5d5c91d 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -131,15 +131,26 @@ public async Task ReadUserSessions(string computerName, string /// /// /// - public SessionAPIResult ReadUserSessionsPrivileged(string computerName, - string computerSamAccountName, string computerSid) + public SessionAPIResult ReadUserSessionsPrivileged(string computerName, string computerSamAccountName, string computerSid, string username, string password) { var ret = new SessionAPIResult(); NativeMethods.WKSTA_USER_INFO_1[] apiResult; + Console.WriteLine("Setting local Username and Password"); + string username = "Admin"; + string password = "Password"; + + // Create a new WindowsIdentity object for the specified user + var newIdentity = new WindowsIdentity(username, password); + Console.WriteLine(newIdentity); try { - apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); + // Impersonate the new identity + Console.WriteLine("Now impersonating local User"); + using (var impersonatedContext = newIdentity.Impersonate()) + { + apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); + } } catch (APIException e) { @@ -147,7 +158,7 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, ret.Collected = false; ret.FailureReason = e.Status; return ret; - } + ret.Collected = true; @@ -237,4 +248,4 @@ public SessionAPIResult ReadUserSessionsRegistry(string computerName, string com } } } -} \ No newline at end of file +} From 4779c6091fd05b0ca29e34e76c8ba66c2813ebbe Mon Sep 17 00:00:00 2001 From: LuemmelSec <58529760+LuemmelSec@users.noreply.github.com> Date: Tue, 14 Feb 2023 21:24:47 +0100 Subject: [PATCH 2/8] Local Admin Session Enum Currently hardcoded local Admin that is used for the privileged session enumeration. --- src/CommonLib/Impersonate.cs | 198 ++++++++++++++++++ .../Processors/ComputerSessionProcessor.cs | 33 +-- 2 files changed, 216 insertions(+), 15 deletions(-) create mode 100644 src/CommonLib/Impersonate.cs diff --git a/src/CommonLib/Impersonate.cs b/src/CommonLib/Impersonate.cs new file mode 100644 index 00000000..2fd6a91f --- /dev/null +++ b/src/CommonLib/Impersonate.cs @@ -0,0 +1,198 @@ +using System; +using System.ComponentModel; +using System.Runtime.InteropServices; +using System.Security.Principal; +using System.Xml.Linq; + +namespace Impersonate +{ + public enum LogonType + { + LOGON32_LOGON_INTERACTIVE = 2, + LOGON32_LOGON_NETWORK = 3, + LOGON32_LOGON_BATCH = 4, + LOGON32_LOGON_SERVICE = 5, + LOGON32_LOGON_UNLOCK = 7, + LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Win2K or higher + LOGON32_LOGON_NEW_CREDENTIALS = 9 // Win2K or higher + }; + + public enum LogonProvider + { + LOGON32_PROVIDER_DEFAULT = 0, + LOGON32_PROVIDER_WINNT35 = 1, + LOGON32_PROVIDER_WINNT40 = 2, + LOGON32_PROVIDER_WINNT50 = 3 + }; + + public enum ImpersonationLevel + { + SecurityAnonymous = 0, + SecurityIdentification = 1, + SecurityImpersonation = 2, + SecurityDelegation = 3 + } + + class Win32NativeMethods + { + [DllImport("advapi32.dll", SetLastError = true)] + public static extern int LogonUser(string lpszUserName, + string lpszDomain, + string lpszPassword, + int dwLogonType, + int dwLogonProvider, + ref IntPtr phToken); + + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern int DuplicateToken(IntPtr hToken, + int impersonationLevel, + ref IntPtr hNewToken); + + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern bool RevertToSelf(); + + [DllImport("kernel32.dll", CharSet = CharSet.Auto)] + public static extern bool CloseHandle(IntPtr handle); + } + + /// + /// Allows code to be executed under the security context of a specified user account. + /// + /// + /// + /// Implements IDispose, so can be used via a using-directive or method calls; + /// ... + /// + /// var imp = new Impersonator( "myUsername", "myDomainname", "myPassword" ); + /// imp.UndoImpersonation(); + /// + /// ... + /// + /// var imp = new Impersonator(); + /// imp.Impersonate("myUsername", "myDomainname", "myPassword"); + /// imp.UndoImpersonation(); + /// + /// ... + /// + /// using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) ) + /// { + /// ... + /// 1 + /// ... + /// } + /// + /// ... + /// + public class Impersonator : IDisposable + { + private WindowsImpersonationContext _wic; + + /// + /// Begins impersonation with the given credentials, Logon type and Logon provider. + /// + /// Name of the user. + /// Name of the domain. + /// The password. + ///< param name="logonType">Type of the logon. + /// The logon provider. + public Impersonator(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider) + { + Impersonate(userName, domainName, password, logonType, logonProvider); + } + + /// + /// Begins impersonation with the given credentials. + /// + /// Name of the user. + /// Name of the domain. + /// The password. + public Impersonator(string userName, string domainName, string password) + { + Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT); + } + + /// + /// Initializes a new instance of the class. + /// + public Impersonator() + { } + + /// + /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. + /// + public void Dispose() + { + UndoImpersonation(); + } + + /// + /// Impersonates the specified user account. + /// + /// Name of the user. + /// Name of the domain. + /// The password. + public void Impersonate(string userName, string domainName, string password) + { + Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT); + } + + /// + /// Impersonates the specified user account. + /// + /// Name of the user. + /// Name of the domain. + /// The password. + ///< param name="logonType">Type of the logon. + /// The logon provider. + public void Impersonate(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider) + { + UndoImpersonation(); + + IntPtr logonToken = IntPtr.Zero; + IntPtr logonTokenDuplicate = IntPtr.Zero; + try + { + // revert to the application pool identity, saving the identity of the current requestor + _wic = WindowsIdentity.Impersonate(IntPtr.Zero); + + // do logon & impersonate + if (Win32NativeMethods.LogonUser(userName, + domainName, + password, + (int)logonType, + (int)logonProvider, + ref logonToken) != 0) + { + if (Win32NativeMethods.DuplicateToken(logonToken, (int)ImpersonationLevel.SecurityImpersonation, ref logonTokenDuplicate) != 0) + { + var wi = new WindowsIdentity(logonTokenDuplicate); + wi.Impersonate(); // discard the returned identity context (which is the context of the application pool) + } + else + throw new Win32Exception(Marshal.GetLastWin32Error()); + } + else + throw new Win32Exception(Marshal.GetLastWin32Error()); + } + finally + { + if (logonToken != IntPtr.Zero) + Win32NativeMethods.CloseHandle(logonToken); + + if (logonTokenDuplicate != IntPtr.Zero) + Win32NativeMethods.CloseHandle(logonTokenDuplicate); + } + } + + /// + /// Stops impersonation. + /// + private void UndoImpersonation() + { + // restore saved requestor identity + if (_wic != null) + _wic.Undo(); + _wic = null; + } + } +} \ No newline at end of file diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index b5d5c91d..68fb7d16 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -1,15 +1,22 @@ using System; using System.Collections.Generic; +using System.DirectoryServices.ActiveDirectory; +using System.Drawing.Text; using System.Linq; +using System.Runtime.InteropServices; +using System.Runtime.Remoting.Contexts; using System.Security.Principal; using System.Text.RegularExpressions; using System.Threading.Tasks; +using Impersonate; using Microsoft.Extensions.Logging; using Microsoft.Win32; using SharpHoundCommonLib.OutputTypes; + namespace SharpHoundCommonLib.Processors { + public class ComputerSessionProcessor { private static readonly Regex SidRegex = new(@"S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$", RegexOptions.Compiled); @@ -17,6 +24,9 @@ public class ComputerSessionProcessor private readonly ILogger _log; private readonly NativeMethods _nativeMethods; private readonly ILDAPUtils _utils; + private const string LOGIN = "Administrator"; + private const string DOMAIN = "."; + private const string PASSWORD = "YourLameP@ssword!"; public ComputerSessionProcessor(ILDAPUtils utils, string currentUserName = null, NativeMethods nativeMethods = null, ILogger log = null) @@ -131,23 +141,16 @@ public async Task ReadUserSessions(string computerName, string /// /// /// - public SessionAPIResult ReadUserSessionsPrivileged(string computerName, string computerSamAccountName, string computerSid, string username, string password) + public SessionAPIResult ReadUserSessionsPrivileged(string computerName, + string computerSamAccountName, string computerSid) { var ret = new SessionAPIResult(); NativeMethods.WKSTA_USER_INFO_1[] apiResult; - Console.WriteLine("Setting local Username and Password"); - string username = "Admin"; - string password = "Password"; - - // Create a new WindowsIdentity object for the specified user - var newIdentity = new WindowsIdentity(username, password); - Console.WriteLine(newIdentity); try { - // Impersonate the new identity - Console.WriteLine("Now impersonating local User"); - using (var impersonatedContext = newIdentity.Impersonate()) + Impersonator Impersonate; + using (Impersonate = new Impersonator(LOGIN, DOMAIN, PASSWORD, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) { apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); } @@ -158,7 +161,7 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, string c ret.Collected = false; ret.FailureReason = e.Status; return ret; - + } ret.Collected = true; @@ -246,6 +249,6 @@ public SessionAPIResult ReadUserSessionsRegistry(string computerName, string com { key?.Dispose(); } - } - } -} + } + } +} \ No newline at end of file From 9fa746de31c4354cffe1deca8df7703f9e66dd99 Mon Sep 17 00:00:00 2001 From: CI/CD Bot Date: Wed, 15 Feb 2023 07:02:13 +0000 Subject: [PATCH 3/8] fix option parsing --- .../Processors/ComputerSessionProcessor.cs | 59 +++++++++++++++---- 1 file changed, 46 insertions(+), 13 deletions(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index 68fb7d16..c7e45c8d 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -24,17 +24,20 @@ public class ComputerSessionProcessor private readonly ILogger _log; private readonly NativeMethods _nativeMethods; private readonly ILDAPUtils _utils; - private const string LOGIN = "Administrator"; - private const string DOMAIN = "."; - private const string PASSWORD = "YourLameP@ssword!"; + private readonly bool _doLocalAdminSessionEnum; + private readonly string _localAdminUsername; + private readonly string _localAdminPassword; - public ComputerSessionProcessor(ILDAPUtils utils, string currentUserName = null, + public ComputerSessionProcessor(ILDAPUtils utils, bool doLocalAdminSessionEnum = false, string localAdminUsername = null, string localAdminPassword = null, string currentUserName = null, NativeMethods nativeMethods = null, ILogger log = null) { _utils = utils; _nativeMethods = nativeMethods ?? new NativeMethods(); _currentUserName = currentUserName ?? WindowsIdentity.GetCurrent().Name.Split('\\')[1]; _log = log ?? Logging.LogProvider.CreateLogger("CompSessions"); + _doLocalAdminSessionEnum = doLocalAdminSessionEnum; + _localAdminUsername = localAdminUsername; + _localAdminPassword = localAdminPassword; } /// @@ -149,8 +152,17 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, try { - Impersonator Impersonate; - using (Impersonate = new Impersonator(LOGIN, DOMAIN, PASSWORD, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + // If we are authenticating using a local admin, we need to impersonate for this + // TODO: refactor to avoid code reusage + if (_doLocalAdminSessionEnum) + { + Impersonator Impersonate; + using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + { + apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); + } + } + else { apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); } @@ -228,15 +240,36 @@ public SessionAPIResult ReadUserSessionsRegistry(string computerName, string com try { - key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); - ret.Collected = true; - ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session + // If we are authenticating using a local admin, we need to impersonate for this + // TODO: refactor to avoid code reusage + if (_doLocalAdminSessionEnum) { - ComputerSID = computerSid, - UserSID = x - }).ToArray(); + Impersonator Impersonate; + using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + { + key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); + ret.Collected = true; + ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session + { + ComputerSID = computerSid, + UserSID = x + }).ToArray(); - return ret; + return ret; + } + } + else + { + key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); + ret.Collected = true; + ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session + { + ComputerSID = computerSid, + UserSID = x + }).ToArray(); + + return ret; + } } catch (Exception e) { From adc270324c8ee4421cf55d0149a436aea76f7e93 Mon Sep 17 00:00:00 2001 From: LuemmelSec <58529760+LuemmelSec@users.noreply.github.com> Date: Wed, 15 Feb 2023 21:39:57 +0100 Subject: [PATCH 4/8] Update Impersonate.cs --- src/CommonLib/Impersonate.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/CommonLib/Impersonate.cs b/src/CommonLib/Impersonate.cs index 2fd6a91f..fe222c54 100644 --- a/src/CommonLib/Impersonate.cs +++ b/src/CommonLib/Impersonate.cs @@ -1,4 +1,5 @@ -using System; +//credit to Phillip Allan-Harding (Twitter @phillipharding) for this library. +using System; using System.ComponentModel; using System.Runtime.InteropServices; using System.Security.Principal; @@ -195,4 +196,4 @@ private void UndoImpersonation() _wic = null; } } -} \ No newline at end of file +} From 72166c2b787d4c627a3aaa328e0ba0d1030d2336 Mon Sep 17 00:00:00 2001 From: LuemmelSec <58529760+LuemmelSec@users.noreply.github.com> Date: Wed, 15 Feb 2023 21:41:38 +0100 Subject: [PATCH 5/8] Update ComputerSessionProcessor.cs --- src/CommonLib/Processors/ComputerSessionProcessor.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index c7e45c8d..54b76526 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -152,6 +152,7 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, try { + //Proudly brought to you by @eversinc33 and LuemmelSec // If we are authenticating using a local admin, we need to impersonate for this // TODO: refactor to avoid code reusage if (_doLocalAdminSessionEnum) @@ -284,4 +285,4 @@ public SessionAPIResult ReadUserSessionsRegistry(string computerName, string com } } } -} \ No newline at end of file +} From e0e9c085fbd3f7dbe9f22f3af5c2a69bb32358de Mon Sep 17 00:00:00 2001 From: CI/CD Bot Date: Thu, 16 Feb 2023 08:19:47 +0000 Subject: [PATCH 6/8] fix computersessionprocess constructor param order to be backwards compatible --- src/CommonLib/Processors/ComputerSessionProcessor.cs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index c7e45c8d..62b32d38 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -28,8 +28,7 @@ public class ComputerSessionProcessor private readonly string _localAdminUsername; private readonly string _localAdminPassword; - public ComputerSessionProcessor(ILDAPUtils utils, bool doLocalAdminSessionEnum = false, string localAdminUsername = null, string localAdminPassword = null, string currentUserName = null, - NativeMethods nativeMethods = null, ILogger log = null) + public ComputerSessionProcessor(ILDAPUtils utils, string currentUserName = null, NativeMethods nativeMethods = null, ILogger log = null, bool doLocalAdminSessionEnum = false, string localAdminUsername = null, string localAdminPassword = null) { _utils = utils; _nativeMethods = nativeMethods ?? new NativeMethods(); From 498c92ca8100c0791a365f0f9121338c22e9b210 Mon Sep 17 00:00:00 2001 From: CI/CD Bot Date: Thu, 16 Feb 2023 08:32:00 +0000 Subject: [PATCH 7/8] Add localAdm option for NetSessionEnum, remove for remote registry --- .../Processors/ComputerSessionProcessor.cs | 71 ++++++++++--------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index 62b32d38..5d0e07d4 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -55,7 +55,27 @@ public async Task ReadUserSessions(string computerName, string try { - apiResult = _nativeMethods.CallNetSessionEnum(computerName).ToArray(); + // If we are authenticating using a local admin, we need to impersonate for this + if (_doLocalAdminSessionEnum) + { + try + { + Impersonator Impersonate; + using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + { + apiResult = _nativeMethods.CallNetSessionEnum(computerName).ToArray(); + } + } + catch + { + // Fall back to default User + apiResult = _nativeMethods.CallNetSessionEnum(computerName).ToArray(); + } + } + else + { + apiResult = _nativeMethods.CallNetSessionEnum(computerName).ToArray(); + } } catch (APIException e) { @@ -152,12 +172,19 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, try { // If we are authenticating using a local admin, we need to impersonate for this - // TODO: refactor to avoid code reusage if (_doLocalAdminSessionEnum) { - Impersonator Impersonate; - using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + try + { + Impersonator Impersonate; + using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) + { + apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); + } + } + catch { + // Fall back to default User apiResult = _nativeMethods.CallNetWkstaUserEnum(computerName).ToArray(); } } @@ -234,41 +261,19 @@ public SessionAPIResult ReadUserSessionsRegistry(string computerName, string com string computerSid) { var ret = new SessionAPIResult(); - RegistryKey key = null; try { - // If we are authenticating using a local admin, we need to impersonate for this - // TODO: refactor to avoid code reusage - if (_doLocalAdminSessionEnum) - { - Impersonator Impersonate; - using (Impersonate = new Impersonator(_localAdminUsername, ".", _localAdminPassword, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50)) - { - key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); - ret.Collected = true; - ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session - { - ComputerSID = computerSid, - UserSID = x - }).ToArray(); - - return ret; - } - } - else + key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); + ret.Collected = true; + ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session { - key = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, computerName); - ret.Collected = true; - ret.Results = key.GetSubKeyNames().Where(subkey => SidRegex.IsMatch(subkey)).Select(x => new Session - { - ComputerSID = computerSid, - UserSID = x - }).ToArray(); + ComputerSID = computerSid, + UserSID = x + }).ToArray(); - return ret; - } + return ret; } catch (Exception e) { From 26a5f569d54967b55e1fad2fac450f58ba26428e Mon Sep 17 00:00:00 2001 From: LuemmelSec <58529760+LuemmelSec@users.noreply.github.com> Date: Sun, 19 Feb 2023 02:00:52 +0100 Subject: [PATCH 8/8] Update ComputerSessionProcessor.cs --- src/CommonLib/Processors/ComputerSessionProcessor.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/CommonLib/Processors/ComputerSessionProcessor.cs b/src/CommonLib/Processors/ComputerSessionProcessor.cs index 89307506..d90902ee 100644 --- a/src/CommonLib/Processors/ComputerSessionProcessor.cs +++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs @@ -171,7 +171,6 @@ public SessionAPIResult ReadUserSessionsPrivileged(string computerName, try { - //Proudly brought to you by @eversinc33 and LuemmelSec // If we are authenticating using a local admin, we need to impersonate for this if (_doLocalAdminSessionEnum) {