0xbadjuju / tokenvator
A tool to elevate privilege with Windows Tokens
Hi, I cannot build this because this file is missing?
The master branch currently targets Framework 4.5, which is not "Import the project into Visual Studio. The current target framework is .Net 3.5. "
Can you change that?
TokenVator.exe powershell.exe - Opens PowerShell
TokenVator.exe powershell.exe -enc aQBlAHgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAb... - Not Functional
Well, met this problem when establishing the project, and I've found an issue dealing with it but it had been closed, so somebody do me a favor please?
I successfully stole a process token, but I wasn't able to enable the privileges SeSecurityPrivilege and SeTakeOwnershipPrivilege, because there wasn't any:
I tried using Enable_Privilege ProcID SeSecurityPrivilege, but what I got is just this:
That means it should've worked out, but it didn't... The command List_Privileges ProcID always returns the same stuff like on the first screenshot.
I also tried running CMD as an admin and even as an NT AUTHORITY\System, but nothing worked out.
Seems like the program removes almost all privileges after launching. Is there a way to restore them using Tokenvator?
While backspacing a command you can go back beyond the normal prompt resulting in:
System.ArgumentOutOfRangeException: The value must be greater than or equal to zero and less than the console's buffer size in that dimentsion.
Parameter name: left
Actual value was -1.
at System.ConsoleSetCursorPosition(Int32 left, Int32 top)
at Tokenvator.TabComplete.KeyInput(StringBuilder stringBuilder, ConsoleKeyInfo at keyDown)
at Tokenvator.TabComplete.ReadLine()
at Tokenvator.MainLoop.Run()
Pressing return will return you to normal state.
The title should be enough.
BypassUAC fails on windows 10 1703
commenting out
//Console.WriteLine(" [+] Initialized SID: {0}", pSID.ToInt32());
in SetTokenInformation seems to solve the issue, strange
EDIT: change it to ToInt64 and it works
there is also a crash in Tockens:dispose but probably unrelated
Hi,
I was testing Tokenvator
when I got this stacktrace when printing to the named pipe from another process.
PS C:\users\public\phra> .\Tokenvator4.5.exe
(Tokens) > Steal_Pipe_Token \\.\pipe\phra cmd.exe
[*] Running cmd.exe
[*] Creating Listener Thread
[+] Created Pipe \\.\pipe\phra
[*] Joining Thread
[+] Connected to Pipe \\.\pipe\phra
[+] Read Pipe \\.\pipe\phra
[+] Impersonated Pipe \\.\pipe\phra
[+] Thread Token 0x02E4
[*] Joined Thread
[*] CreateProcessWithLogonW
[+] Created process: 6352
System.FormatException: Index (zero based) must be greater than or equal to zero and less than the size of the argument list.
at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.IO.TextWriter.WriteLine(String format, Object arg0)
at System.IO.TextWriter.SyncTextWriter.WriteLine(String format, Object arg0)
at System.Console.WriteLine(String format, Object arg0)
at Tokenvator.NamedPipes.GetPipeToken(String pipeName, String command)
at Tokenvator.MainLoop.StealPipeToken(String input)
at Tokenvator.MainLoop.Run()
[-] Function MainLoop failed:
[-] The system cannot find the file specified
(Tokens) >
Hello, it seems that for some reason the newest update to Windows 10 broke the BypassUAC function, no matter what file I give it (even giving it a full path) it throws a file not found error.
Can it steal token from TI?
Hello,
I came to this Repo from your article after trying to find a workable solution to my problem.
I have 2 questions you could help me with at your discretion.
First of all, I am trying to create a program that would run under a local Windows User.
The program would periodically check some settings, and would allow for the management of some configurations. This includes restarting windows in case of some extreme error.
Unfortunately both operations need administrator rights. I am thus trying to run my program under an administrator account. Upon restarting the program would need to run once again.
Right now I use impersonation to switch the current user to a user of the administrator group. This works, however I also need Elevated status, which is not given by me. (some googling informed me that elevated status is determined on process startup?)
Do you have any idea on how to tackle this issue? I was thinking of using a kind of bootstrapper that would impersonate the admin account and would then create a process using 'runas'. I am in the process of testing that solution.
Secondly you seem to know a lot about Windows authenticating, do you perhaps know a source of information where I could get a more general overview of this process (UAC, administrators, tokens etc.). The docs tend to go pretty deep and it's hard to keep an overview. Or perhaps it's a nice blog suggestion :)
Hi, I noticed that NT AUTHORITY\LOCAL SERVICE was unable to write to the named pipe created by another user, due to too strict permissions on the pipe.
Using https://github.com/decoder-it/pipeserverimpersonate everything works fine.
I think that the issue can be solved like this: https://github.com/decoder-it/pipeserverimpersonate/blob/master/pipeserverimpersonate.ps1#L173