Giters

yusufqk / SystemToken

Steal privileged token to obtain SYSTEM shell

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

SystemToken

This code will iterate over all processes on a system until it reaches a process with the following traits:

  • The user for that process is SYSTEM
  • The owner for that process is Administrators

Once a process is found with these two traits, the token for that process is duplicated and a new process with that token is created. This will result in a SYSTEM shell.

System Requirements

This code was tested on a Windows 10 x64 machine using Visual Studio 2019.
Must be run with UAC bypassed and Local Admin privileges.

Usage

Compile and run SystemToken.exe

References

This work is based on the research done by Justin Bui from SpecterOps
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens
Windows API exploitation at PentesterAcademy (amazing course, learned alot). The EnablePriv.h file used to enable privileges (no longer provided and never used by this tool) is a modified version from the course.

About

Steal privileged token to obtain SYSTEM shell

Languages

Language:C 100.0%