Token Impersonation
Abuse privileges.
Windows Access Tokens
Every process carries an access token describing its user, groups, and privileges. Windows supports impersonation — a process can act under another user's token. Abusing this lets a service account become SYSTEM.
Impersonation Privileges
Two token privileges are gold for escalation: SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege. Service accounts (IIS, MSSQL) usually hold SeImpersonate, which the "Potato" family of exploits abuses.
whoami /priv
# SeImpersonatePrivilege Enabled