Manipulating and Abusing Windows Access Tokens.
TokenPlayer is just a small tool I made to learn Win32 API programming and to better understand the Windows access token model.
General options:
  --help                Display help menu.
Impersonation Options:
  --impersonate         Impersonates the specified PID and spawns a new child
                        process under its context.
  --pid arg             Process ID to steal the token from.
  --spawn               Spawns a new command prompt under the context of the
                        stolen token.
Execution Options:
  --exec                Executes an instance of the specified program under the
                        impersonated context.
  --pid arg             Process ID to steal the token from.
  --prog arg            The full path to the program to be executed.
  --args arg            Optional execution arguments for the specified
                        program.
Make Token Options:
  --maketoken           Creates a new process under a set of credentials used only
                        for network authentication (similar to runas /netonly).
  --username arg        Username.
  --password arg        Password in plaintext format.
  --domain arg          The domain the user belongs to; if no domain is specified,
                        the local machine is used.
UAC Bypass Options:
  --pwnuac              Tries to bypass UAC using the token-duplication
                        method.
  --spawn               Spawns a new elevated prompt.
  --prog arg            The full path to the program to be executed.
  --args arg            Optional execution arguments for the specified
                        program.
Parent Process Spoofing Options:
  --spoofppid           Spawns a new instance of an application with a spoofed
                        parent process.
  --ppid arg            The PID of the parent process.
  --prog arg            The full path to the program to be executed.
  --args arg            Optional execution arguments for the specified
                        program.
To compile it yourself you will need the Boost library, which the tool uses for parsing and handling the command-line arguments. You will also need to point the project settings at the folder containing the external library.