Description
Steal a user token from the specified process.
Overview
Steals a token from the specified process and adds it to the current Specter’s Token Manager. The operator can then use that token to take actions as the user it belongs to (e.g., Start Process with Token).
Arguments
- ProcId: The process identifier (PID) of the process to steal a token from.
Pre-Requisites
- High integrity process
Modules
- Credentials
Example Output
Name : SYSTEM
Domain : NT AUTHORITY
SID : S-1-5-18
Groups : {BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users}
Scope : Local
Type : TokenPrimary
Privileges : {@{Name=SeAssignPrimaryTokenPrivilege; Attributes=None}, @{Name=SeIncreaseQuotaPrivilege; Attributes=None}, @{Name=SeTcbPrivilege; Attributes=UsedForAccess}, @{Name=SeBackupPrivilege; Attributes=None}…}
IsAdministrator : True