Skip to content

Yair-Men/TokenMen

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
Properties
Properties
 
 
.gitignore
.gitignore
 
 
Acl.cs
Acl.cs
 
 
App.config
App.config
 
 
Interop.cs
Interop.cs
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
TokenMen.csproj
TokenMen.csproj
 
 
TokenMen.sln
TokenMen.sln
 
 

Repository files navigation

A simple POC tool to steal a process's token and launch a new one.

Capable of changing needed ACLs to launch a new interactive process with the privileges of a user who is not logged in interactively (Such as WinRM)

Require "SeDebugPrivilege" privilege (Mostly Local Admin after UAC), and the desired process is not PP/L protected.

Examples:

  • Launch cmd with the rights of the user who runs the PID 1852
.\TokenMen.exe 1852 cmd
  • Same as above but also changes the ACL to allow running new processes interactively (ChangeACL is case-insensitive)
.\TokenMen.exe 1852 cmd ChangeACL

TODO:

  • Add the ability to restore the changed DACLs

About

Token Manipulation

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

TokenMen_x64-v2 Latest
Nov 19, 2022
+ 1 release

Languages