Tokenvator v2.1.1 releases: A tool to elevate privilege with Windows Tokens
Tokenvator
A tool to elevate privilege with Windows Tokens
This tool has two methods of operation – interactive and argument modes
Interactive Mode:
C:> tokenvator.exe
(Tokens) > steal_token 908 cmd.exe
(Tokens) >
Arguments Mode:
C:> tokenvator.exe steal_token 908 cmd.exe
C:>
Methods
GetSystem
- Optional Parameters: Process ID, Command
- Examples:
(Tokens) > GetSystem
or
(Tokens) > GetSystem 504
or
(Tokens) > GetSystem 504 regedit.exe
GetTrustedInstaller
- Optional Parameters: Command
- Examples:
(Tokens) > GetTrustedInstaller
or
(Tokens) > GetTrustedInstaller regedit.exe
Steal_Token
- Parameters: Process ID
- Optional Parameters: Command
- Examples:
(Tokens) > StealToken 1008
or
(Tokens) > StealToken calc regedit.exe
or
(Tokens) > StealToken 1008 regedit.exe
BypassUAC
- Parameters: Process ID
- Optional Parameters: Command
- Examples:
(Tokens) > BypassUAC 1008
or
(Tokens) > BypassUAC regedit.exe
or
(Tokens) > BypassUAC 1008 regedit.exe
List_Privileges
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > List_Privileges
Set_Privileges
- Parameters: Privilege
- Optional Parameters: –
- Examples:
(Tokens) > Set_Privileges SeSecurityPrivilege
List_Processes
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > List_Processes
List_Processes_WMI
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > List_Processes_WMI
Find_User_Processes
- Parameters: Username
- Optional Parameters: –
- Examples:
(Tokens) > Find_User_Processes domain\user
Find_User_Processes_WMI
- Parameters: Username
- Optional Parameters: –
- Examples:
(Tokens) > Find_User_Processes_WMI domain\user
List_User_Sessions
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > List_User_Sessions
WhoAmI
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > WhoAmI
RevertToSelf
- Parameters: –
- Optional Parameters: –
- Examples:
(Tokens) > RevertToSelf
Run
- Parameters: Command
- Optional Parameters: –
- Examples:
(Tokens) > Run cmd.exe
Changelog v2.1.1
- Update to add support for interactive sub-processes
Copyright (C) Alexander Leary (@0xbadjuju), NetSPI – 2018
Source: https://github.com/0xbadjuju/