Kali Linux

SharpImpersonation : A User Impersonation Tool – Via Token Or Shellcode Injection

SharpImpersonation is a User Impersonation Tool – Via Token Or Shellcode Injection. This was a learning by doing project from my side. Well known techniques are used to built just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from:

https://github.com/0xbadjuju/Tokenvator

A blog post for the intruduction can be found here:

https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/

List user processes

List only elevated processes

PS > PS C:\temp> SharpImpersonation.exe list elevated

Impersonate the first process of the target user to start a new binary

PS > PS C:\temp> SharpImpersonation.exe user: binary:

Inject base64 encoded shellcode into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Inject shellcode loaded from a webserver into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Impersonate the target user via ImpersonateLoggedOnuser for the current session

PS > PS C:\temp> SharpImpersonation.exe user: technique:ImpersonateLoggedOnuser

Download

R K

Next kics : Find security vulnerabilities, compliance issues, and infrastructure misconfigurations »

Previous « SDomDiscover : A Easy-To-Use Python Tool To Perform DNS Recon

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

1 hour ago

Pentesting Tools

Full Spectrum Event Tracing For Windows Detection In The kernel Against Rootkits

Sanctum EDR demonstrates a multi-layered approach to detecting and preventing Event Tracing for Windows (ETW)…

1 hour ago

Cyber security

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

3 days ago

Hacking Tools

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

3 days ago

Vulnerability Analysis

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

3 days ago

Vulnerability Analysis

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

3 days ago

SharpImpersonation : A User Impersonation Tool – Via Token Or Shellcode Injection

List user processes

List only elevated processes

Impersonate the first process of the target user to start a new binary

Inject base64 encoded shellcode into the first process of the target user

Inject shellcode loaded from a webserver into the first process of the target user

Impersonate the target user via ImpersonateLoggedOnuser for the current session

Related Post

Recent Posts

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

Full Spectrum Event Tracing For Windows Detection In The kernel Against Rootkits

SpyAI : Intelligent Malware With Advanced Capabilities

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

Awesome Solana Security : Enhancing Program Development

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow