Tags:template Related to:note-taking,notes See also: Potato attack Index: 📁EJPTv2 - INDEX - index location
Summary
Add a brief overview of what the content is
Content
Core component of LSASS
Access token is similar to a cookie provides user access to system or resources without having to provide vreds each time
Token generated by winlogon.exe - token contains identity and priv info This token attached to userinit.exe andall child processes started by user will inherit token from this process
two types
- Impersonate level token - made during non interactive logon - can only be used in local system
- Delegate level token - made through traditonal login - or RDP - can be used to impersonate tokens on any system
They following privs are required for impersonation
- SeAssignPrimaryToken
- SeCreateToken
- SeImpersonatePrivilage
Incognito Module
A meterpreter module that lists access token that we can impersonate
Metepreter load incognito - loads incognito list_tokens -u - lists tokens impersonate_token “Token name”