Small utility package for stealing tokens from other processes and using them in current threads, or duplicating them and starting other processes

getsystem

small utility for impersonating a user in the current thread or starting a new process with a duplicated token.

must already be in a high integrity context.

Example demo in /cmd/main.go folder

Available functions

// replace the current threads effective token
func OnThread(pid int) error

// start a new process from a duplicated token
func InNewProcess(pid int, cmd string, hidden bool) error

// Enable debug privilege
func DebugPriv() error

// Enable a specific privilege
func SePrivEnable(privString string) (err error)

// Return the owner of a given token
func TokenOwner(hToken windows.Token) (string, error)

Output

PS getsystem> go run .\cmd\ 1804
2021/08/21 11:06:04 Enabling seDebug...
2021/08/21 11:06:04 OK
2021/08/21 11:06:04 Current effective thread owner: DEMOPC\adm-user
2021/08/21 11:06:04 Beginning Token impersonation in current thread
2021/08/21 11:06:04 Current effective thread owner: NT AUTHORITY\SYSTEM
2021/08/21 11:06:04 Reverting to previous user
2021/08/21 11:06:04 Current effective thread owner: DEMOPC\adm-user
2021/08/21 11:06:04 Starting new process with duplicated token

greetz

@slyd0g for this article which was a huge help in understanding the inconsistencies I was seeing when testing this on different SYSTEM processes.

Owner
Alex Flores
〉It is a truth universally acknowledged, that a single man in possession of a good exploit must be in want of shellz.
Alex Flores
https://github.com/audibleblink/getsystem
Similar Resources

A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

Nov 9, 2022

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

Dec 31, 2022

Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

FAV/E FAV/E (Find A Vulnerability/Exposure) utilizes the NIST CVE database search API to search for vulnerabilities and exposures while filtering base

Dec 31, 2022

Utility to safely fetch Java class files being served by LDAP servers. Includes deobfuscator for common Log4J URL obfuscation techniques

ldap-get Utility to safely fetch Java class files being served by LDAP servers,

Nov 9, 2022

A detector for the Trojan Source and other unicode-based vulnerabilities.

Trojan Source Detector This application detects Trojan Source attacks in source code. It can be used as part of the CI system to make sure there are n

Jan 6, 2022

SandboxPPL - Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted

SandboxPPL - Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted

SandboxPPL Golang PoC that sandboxes Defender (or other PPL) by setting its toke

Jul 1, 2022

A golang package implementing a forkbomb using cgo.

A golang package implementing a forkbomb using cgo.

gfb - go-fork-bomb A golang package implementing a forkbomb using cgo. ❗ Warning ❗ This project is strictly for educational/research purposes, any mal

Dec 21, 2022

A light package for generating and comparing password hashing with argon2 in Go

argon2-hashing argon2-hashing provides a light wrapper around Go's argon2 package. Argon2 was the winner of the Password Hashing Competition that make

Sep 27, 2022

This package provides the following capabilities for managing and installing the WebView2

WebView2Runtime This package provides the following capabilities for managing and installing the WebView2 runtime: Retrieve version of installed WebVi

Aug 1, 2022
Related tags
Security winapi pentesting redteam
Package csrf is a middleware that generates and validates CSRF tokens for Flamego

csrf Package csrf is a middleware that generates and validates CSRF tokens for Flamego.

Nov 25, 2022
Update-java-ca-certificates - Small utility to convert the system trust store to a system Java KeyStore

update-java-ca-certificates This small utility takes care of creating a system-w

Dec 28, 2022
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...
 Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with ?? by edoardottt. Share on Twitter! P

Dec 25, 2022
Log4j detector and reporting server for scalable detection of vulnerable running processes.

Log4j Detector A client and reporting server to identify systems vulnerable to Log4j at scale. This work is based on Stripe's Remediation Tools, but w

Apr 8, 2022
Application trying to detect processes vulnerable to log4j JNDI exploit

Log4j JNDI Jar Detector Purpose This application is able to detect jars used by

Jan 25, 2022
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
 CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

May 11, 2023
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

Jan 3, 2023
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
 A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Introduction Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third par

Dec 28, 2022
Scan your pictures and videos for corruption, and sort them by EXIF or modification time

scanogram Scan your pictures and videos for corruption, and sort them by EXIF or modification time. Introduction This tool is a fast and lightweight s

Dec 2, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

Dec 28, 2022