diff options
| author | FixTheExchange <josh.bryant@custommopar.com> | 2015-10-30 11:38:57 -0500 | 
|---|---|---|
| committer | FixTheExchange <josh.bryant@custommopar.com> | 2015-10-30 11:38:57 -0500 | 
| commit | 17dd6835b97ee8c40e02319301e09be35770cd2f (patch) | |
| tree | e990df435e395f4e9e61692fc762430bd0be8c2a /docs/CodeExecution | |
| parent | 9f78286ea7b0ec65d2aa09893a076864dd8d14e9 (diff) | |
| download | PowerSploit-17dd6835b97ee8c40e02319301e09be35770cd2f.tar.gz PowerSploit-17dd6835b97ee8c40e02319301e09be35770cd2f.zip | |
Update Invoke-TokenManipulation.ps1
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes.  Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
Diffstat (limited to 'docs/CodeExecution')
0 files changed, 0 insertions, 0 deletions