Posts for: #Windows

Windows-Tokens

Intro

In Windows, things like access permissions are handled with tokens. Think of them as API tokens: they carry certain permissions, such as impersonating other users or enabling debugging on Windows. This post looks at how you can use Windows tokens to get lower permissions than the Administrator user.

Stealing Tokens Via Windows Processes

Getting right to the point: in Windows, processes also have access tokens, and with certain processes, like winlogon, you can duplicate the token and use it to run commands as another user.

Win-Registry-Secrets

Intro

The Windows registry is a system database that contains keys and values. Some things in the registry include Windows credentials, cached passwords, usernames, and other credentials. In Windows, a group of keys is called a “hive”; the cool ones are SAM, System, and Security.

SYSTEM Hive

The most important registry hive is the “System” hive. The key CurrentControlSet\Control\Lsa holds the components needed to craft the boot key, which is used to decrypt the rest of the registry database to get things like hashes for users.