aboutsummaryrefslogtreecommitdiff
path: root/Exfiltration/Invoke-TokenManipulation.ps1
AgeCommit message (Collapse)AuthorFilesLines
2015-12-16Removed all version numbers from scriptsMatt Graeber1-2/+0
Scripts in a module should not be individually versioned. Only the module should be versioned.
2015-10-30Update Invoke-TokenManipulation.ps1FixTheExchange1-2/+0
Removed 2 unnecessary lines.
2015-10-30Update Invoke-TokenManipulation.ps1FixTheExchange1-4/+11
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
2014-09-28Added -PassThru to Invoke-TokenManipulationclymb3r1-5/+35
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11.
2014-01-11Merge pull request #25 from clymb3r/masterMatt Graeber1-32/+142
Bug fixes for Invoke-TokenManipulation
2014-01-10Bug fixes for Invoke-TokenManipulationclymb3r1-32/+142
Processes could not be started when the script was being run from Session 0. The fix is to use the CreateProcessAsUserW function when running in Session 0. This API requires SeAssignPrimaryTokenPrivilege priviege, so for non-session0 calls I still use CreateProcessWithTokenW which does not require special privileges.
2013-11-13Normalized all scripts to ASCII encodingmattifestation1-1/+1
2013-11-04Updated Invoke-TokenManipulation helpclymb3r1-2/+2
2013-11-03Adding Invoke-TokenManipulationclymb3r1-0/+1773
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-26 02:31:58 +0000