blackMath Posted November 10, 2015 Share Posted November 10, 2015 We would like to report a new technique (pass-the-token) and a tool made for use it by us.DARKEXECThis tool and techinque steals windows access tokens, bypassing restriction between user's context without getting passwords or dumping others authentication-mechanism grants... Using this, it leads to full access all user's resources (filesystem, registry, memory) and obviously all the others authentication-mechanism-grants already held by that user.The tool-project went out mainly for:“Administrative” and academic purposes, just think about those billions things n'configs you can't make without being inside own user's context. hell, yeah..“Evil” purposes instead... just wonder how bad it will be, directly accessing some windows domain network or, effectively in a post-exploitation scenario, gaining access with an account fully-privileged on the local system but without any grant on any interesting remote resource.. and maybe on to the same machine, or being able to access some others, where others have....Implementing and testing it, we've found this new technique (pass-the-token) reliable and simple, fully offering all capabilities held by the user such as smb, kerberos, and any.. in the same situation/assumption involved dumping memory...Take a look at references and try our tool @ www.blackmath.it any opinion about it, it's really appreciate! Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.