Handly

Leverage leaked token handles to perform privilege escalation. This technique has been detailed in this post.

The technique is implemented for the following technologies:

• IIS: A simple ASPX webshell is provided that lists the available user tokens and allows to impersonate them to run an arbitrary executable present in the compromised host.
• MSSQL: A python script is provided that will load several C# assemblies, allowing to manipulate the user tokens available in the MSSQL's process memory.