What are tokens?

Temporary keys that allow you access to a system/network without having to provide credentials each time you access a file. Think of it like a cookie, but for computers.

Types →

Delegate - Created for logging into a machine or using Remote Desktop.

Impersonate - "non-interactive" such as attaching a network drive or a domain logon script.

Steps →

First, let's go to our Meterpreter session and load a tool called incognito, and then we can list the available user tokens:

list_tokens -u

Now we can try to impersonate one of the listed tokens. To do that we just write

impersonate_token marvel\\fcastle

And it will basically do everything for us, and we can use a tool like Mimikatz to dump hashes as a non-Domain Admin. But what if a Domain Admin token is available? Then we can try to impersonate that token, use Mimikatz, and dump all the hashes.

How to Attack →

First load msfconsole and get a shell on the machine we have access to by using the psexec exploit: set all the options and get the Meterpreter shell. Now that we have a Meterpreter session, let's load the tool called incognito, which is what we use for token impersonation (important tool). If we want to see the incognito commands, we can see them using help; they will be at the bottom.

Now we can list all the tokens for users by doing list_tokens -u, and then to impersonate someone with those listed tokens we can do impersonate_token domain\\tokenowner. Sometimes, even if everything is successful, you still might not be able to run admin commands. To fix that we can run this command:

rev2self

and then you can use those commands. And remember, delegate tokens show up when a computer is rebooted or logged in to.
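
Seen from the defender's side, the two token types above typically line up with the LogonType field of Windows Security event 4624, so logon records show where a privileged account has left a delegate token behind. This is an added example, not part of the original notes; the host names, account names and sample records are constructed, and the privileged-account and admin-host lists are assumptions.

```python
from collections import defaultdict

# Standard LogonType values in Windows Security event 4624.
DELEGATE_TYPES = {2, 10}      # Interactive (console), RemoteInteractive (RDP)
IMPERSONATE_TYPES = {3}       # Network, e.g. attaching a network drive

# Assumptions for this example: privileged accounts and hosts where they belong.
PRIVILEGED = {"marvel\\administrator", "marvel\\da-admin"}
ADMIN_HOSTS = {"DC01"}

# Constructed sample records: (host, event_id, account, logon_type)
SAMPLE_EVENTS = [
    ("WS01", 4624, "MARVEL\\fcastle", 2),
    ("WS01", 4624, "MARVEL\\Administrator", 10),
    ("WS02", 4624, "MARVEL\\Administrator", 3),
    ("WS02", 4624, "MARVEL\\WS02$", 3),
    ("DC01", 4624, "MARVEL\\da-admin", 2),
    ("WS03", 4634, "MARVEL\\da-admin", 2),
    ("WS03", 4624, "MARVEL\\da-admin", 2),
]


def token_kind(logon_type):
    """Map a 4624 LogonType to the token type it typically leaves on the host."""
    if logon_type in DELEGATE_TYPES:
        return "delegate"
    if logon_type in IMPERSONATE_TYPES:
        return "impersonate"
    return "other"


def delegate_exposure(events, privileged=PRIVILEGED, admin_hosts=ADMIN_HOSTS):
    """Return {host: [accounts]} where a privileged account left a delegate
    token on a host outside admin_hosts."""
    exposed = defaultdict(set)
    for host, event_id, account, logon_type in events:
        if event_id != 4624 or account.endswith("$"):
            continue  # only successful logons by user accounts
        if host.upper() in admin_hosts:
            continue  # privileged logons are expected on these hosts
        if account.lower() in privileged and token_kind(logon_type) == "delegate":
            exposed[host].add(account.lower())
    return {host: sorted(accts) for host, accts in exposed.items()}


if __name__ == "__main__":
    for host, accounts in delegate_exposure(SAMPLE_EVENTS).items():
        print(host, accounts)
```

Hosts in the result are the ones where a privileged delegate token would be listed until the next reboot, which makes them the first places to review privileged logon habits.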

Mitigation of this →