Added an execute ability named UserToken under pwncat.facts.windows. This execute ability will utilize a leaked user token to impersonate the identity of another user. The enumerate.token.potato module implements the BadPotato technique to leak a SYSTEM token. This can then be used to impersonate the system account. These two pieces allow pwncat's escalate command to effectively escalate to the NT AUTHORITY\SYSTEM account.
Please note any noqa: comments needed to appease flake8.
Major Changes Implemented:
Added enumerate.token.potato and enumerate.token.privileges modules
Added UserToken standard Windows fact type for other token leaking situations in the future.
Pre-Merge Tasks
[x] Formatted all modified files w/ python-black
[x] Sorted imports for modified files w/ isort
[x] Ran flake8 on repo, and fixed any new problems w/ modified files
[x] Ran pytest test cases
[x] Added brief summary of updates to CHANGELOG (under [Unreleased])
For issues with pre-merge tasks, see CONTRIBUTING.md
Description of Changes
Fixes #106.
Screenshot of BadPotato in Action