Intro
On Windows, access permissions are handled with tokens. Think of them as API tokens: they carry certain privileges, such as impersonating other users or enabling debugging on Windows. This post looks at how you can use Windows tokens to get lower permissions than the Administrator user.
Stealing Tokens Via Windows Processes
Getting right to the point: on Windows, processes also have access tokens, and for certain processes like winlogon you can duplicate the token and use it to run commands as another user.
Intro
The Windows registry is a system database that contains keys and values. Some of the things stored in the registry include Windows credentials, cached passwords, usernames, and other credentials. On Windows a group of keys is called a "hive"; the interesting hives are SAM, System, and Security.
SYSTEM Hive
The most important registry hive is the "System" hive: under the key CurrentControlSet\Control\Lsa are the components needed to craft the boot key, which is used to decrypt the rest of the registry database and obtain things like user hashes.
Description: Mothership C2 is my command and control server for managing and interacting with shell connections.
Features: Some features of Mothership include
- Encryption for sending commands and their outputs
- Shells being managed and interacted with over HTTP
What is a C2?
A C2 server is a Command and Control server; it helps with controlling and commanding shell connections. C2 servers are used by APTs (advanced persistent threats) and by red teams.
Background
Delta2 is an API that is a Swiss army knife for Active Directory. I wrote this project because I was sick of having to set up Java and remembering how to use bloodhound-python for doing Active Directory boxes on HackTheBox, so I wrote my own. Delta2's primary use is automation, like automating Kerberoasting after mapping the domain, or getting the shortest paths to admin users and exploiting the necessary users to get to those admin users.