Kali Linux

SharpImpersonation : A User Impersonation Tool – Via Token Or Shellcode Injection

SharpImpersonation is a User Impersonation Tool – Via Token Or Shellcode Injection. This was a learning by doing project from my side. Well known techniques are used to built just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from:

  • https://github.com/0xbadjuju/Tokenvator

A blog post for the intruduction can be found here:

  • https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/

List user processes

List only elevated processes

PS > PS C:\temp> SharpImpersonation.exe list elevated

Impersonate the first process of the target user to start a new binary

PS > PS C:\temp> SharpImpersonation.exe user: binary:

Inject base64 encoded shellcode into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Inject shellcode loaded from a webserver into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Impersonate the target user via ImpersonateLoggedOnuser for the current session

PS > PS C:\temp> SharpImpersonation.exe user: technique:ImpersonateLoggedOnuser

R K

Recent Posts

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

1 hour ago

Full Spectrum Event Tracing For Windows Detection In The kernel Against Rootkits

Sanctum EDR demonstrates a multi-layered approach to detecting and preventing Event Tracing for Windows (ETW)…

1 hour ago

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

3 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

3 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

3 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

3 days ago