A tool to elevate privilege with Windows Tokens
This tool has two methods of operation: interactive mode and argument mode.
Interactive Mode:
C:> tokenvator.exe
(Tokens) > steal_token 908 cmd.exe
(Tokens) >
Arguments Mode:
C:> tokenvator.exe steal_token 908 cmd.exe
C:>
- GetSystem
- Optional Parameters: Process ID, Command
- Examples:
(Tokens) > GetSystem
or
(Tokens) > GetSystem 504
or
(Tokens) > GetSystem 504 regedit.exe
- GetTrustedInstaller
- Optional Parameters: Command
- Examples:
(Tokens) > GetTrustedInstaller
or
(Tokens) > GetTrustedInstaller regedit.exe
- StealToken
- Parameters: Process ID
- Optional Parameters: Command
- Examples:
(Tokens) > StealToken 1008
or
(Tokens) > StealToken calc regedit.exe
or
(Tokens) > StealToken 1008 regedit.exe
- BypassUAC
- Parameters: Process ID
- Optional Parameters: Command
- Examples:
(Tokens) > BypassUAC 1008
or
(Tokens) > BypassUAC regedit.exe
or
(Tokens) > BypassUAC 1008 regedit.exe
- List_Privileges
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > List_Privileges
- Set_Privileges
- Parameters: Privilege
- Optional Parameters: -
- Examples:
(Tokens) > Set_Privileges SeSecurityPrivilege
- List_Processes
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > List_Processes
- List_Processes_WMI
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > List_Processes_WMI
- Find_User_Processes
- Parameters: Username
- Optional Parameters: -
- Examples:
(Tokens) > Find_User_Processes domain\user
- Find_User_Processes_WMI
- Parameters: Username
- Optional Parameters: -
- Examples:
(Tokens) > Find_User_Processes_WMI domain\user
- List_User_Sessions
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > List_User_Sessions
- WhoAmI
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > WhoAmI
- RevertToSelf
- Parameters: -
- Optional Parameters: -
- Examples:
(Tokens) > RevertToSelf
- Run
- Parameters: Command
- Optional Parameters: -
- Examples:
(Tokens) > Run cmd.exe
Author: Alexander Leary (@0xbadjuju), NetSPI - 2018
License: BSD 3-Clause
Required Dependencies: None