Skip to content

Latest commit

 

History

History
129 lines (104 loc) · 3.15 KB

README.md

File metadata and controls

129 lines (104 loc) · 3.15 KB

Tokenvator

A tool to elevate privilege with Windows Tokens

This tool has two methods of operation - interactive and argument modes

Interactive Mode:
C:> tokenvator.exe
(Tokens) > steal_token 908 cmd.exe
(Tokens) >

Arguments Mode:
C:> tokenvator.exe steal_token 908 cmd.exe
C:>

Methods

  • GetSystem

    • Optional Parameters: Process ID, Command
    • Examples:
      (Tokens) > GetSystem
      or
      (Tokens) > GetSystem 504
      or
      (Tokens) > GetSystem 504 regedit.exe

  • GetTrustedInstaller

    • Optional Parameters: Command
    • Examples:
      (Tokens) > GetTrustedInstaller
      or
      (Tokens) > GetTrustedInstaller regedit.exe

  • Steal_Token

    • Parameters: Process ID
    • Optional Parameters: Command
    • Examples:
      (Tokens) > StealToken 1008
      or
      (Tokens) > StealToken calc regedit.exe
      or
      (Tokens) > StealToken 1008 regedit.exe

  • BypassUAC

    • Parameters: Process ID
    • Optional Parameters: Command
    • Examples:
      (Tokens) > BypassUAC 1008
      or
      (Tokens) > BypassUAC regedit.exe
      or
      (Tokens) > BypassUAC 1008 regedit.exe

  • List_Privileges

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > List_Privileges

  • Set_Privileges

    • Parameters: Privilege
    • Optional Parameters: -
    • Examples:
      (Tokens) > Set_Privileges SeSecurityPrivilege

  • List_Processes

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > List_Processes

  • List_Processes_WMI

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > List_Processes_WMI

  • Find_User_Processes

    • Parameters: Username
    • Optional Parameters: -
    • Examples:
      (Tokens) > Find_User_Processes domain\user

  • Find_User_Processes_WMI

    • Parameters: Username
    • Optional Parameters: -
    • Examples:
      (Tokens) > Find_User_Processes_WMI domain\user

  • List_User_Sessions

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > List_User_Sessions

  • WhoAmI

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > WhoAmI

  • RevertToSelf

    • Parameters: -
    • Optional Parameters: -
    • Examples:
      (Tokens) > RevertToSelf

  • Run

    • Parameters: Command
    • Optional Parameters: -
    • Examples:
      (Tokens) > Run cmd.exe

  • Compiling

  • git clone https://github.com/0xbadjuju/Tokenvator.git

  • Import the project into Visual Studio. The current target framework is .Net 3.5.

  • Create a key for Strong Name signing:

    • cd Tokenvator\Tokenvator\
    • C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\x64\sn.exe -k sgKey.snk

  • Build Solution

Author, Contributors, and License

Author: Alexander Leary (@0xbadjuju), NetSPI - 2018

License: BSD 3-Clause

Required Dependencies: None