Overview

Steals a token from the specified process and adds that token to the current Specter’s Token Manager. The operator can then leverage that token to take actions as that user (e.g. Start Process with Token).

Arguments

• ProcId: The process identifier (PID) of the process to steal a token from.

Pre-Requisites

• High integrity process

Modules

• Credentials

Example Output

Name            : SYSTEM
Domain          : NT AUTHORITY
SID             : S-1-5-18
Groups          : {BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users}
Scope           : Local
Type            : TokenPrimary
Privileges      : {@{Name=SeAssignPrimaryTokenPrivilege; Attributes=None}, @{Name=SeIncreaseQuotaPrivilege; Attributes=None}, @{Name=SeTcbPrivilege; Attributes=UsedForAccess}, @{Name=SeBackupPrivilege; Attributes=None}…}
IsAdministrator : True