Home

Awesome

SystemToken

This code will iterate over all processes on a system until it reaches a process with the following traits:

Once a process is found with these two traits, the token for that process is duplicated and a new process with that token is created. This will result in a SYSTEM shell.

System Requirements

This code was tested on a Windows 10 x64 machine using Visual Studio 2019.
Must be run with UAC bypassed and Local Admin privileges.

Usage

Compile and run SystemToken.exe

References

This work is based on the research done by Justin Bui from SpecterOps
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens<br/> Windows API exploitation at PentesterAcademy (amazing course, learned alot). The EnablePriv.h file used to enable privileges (no longer provided and never used by this tool) is a modified version from the course.