Process Token Dumper


1. Privilege Check

1.1. SeDebugPrivilege

1.1.1. GetCurrentProcess()

1.1.2. OpenProcessToken()

1.1.3. GetTokenInformation()

1.1.4. AdjustTokenPrivileges()

2. Get Process Handle

2.1. OpenProcess()

2.1.1. Choose Minimal Access

2.1.2. MAXIMUM_ALLOWED

2.1.3. PROCESS_QUERY_LIMITED_INFORMATION (Protected Processes)

2.1.3.1. Finding Protected Processes

3. Get Process Token Handle

3.1. OpenProcessToken()

3.1.1. MAXIMUM_ALLOWED

4. Dump Token Information

4.1. GetTokenInformation()

4.1.1. TokenUser

4.1.1.1. SID_AND_ATTRIBUTES

4.1.1.1.1. Demo

4.1.2. TokenOwner

4.1.2.1. Demo

4.1.3. TokenPrimaryGroup

4.1.3.1. Demo

4.1.4. TokenGroups

4.1.4.1. Demo

4.1.5. TokenPrivileges

4.1.5.1. LUID_AND_ATTRIBUTES

4.1.5.1.1. Demo

4.1.6. TokenSource

4.1.6.1. Demo

4.1.7. TokenType

4.1.7.1. Demo

4.1.8. TokenElevation

4.1.8.1. Demo

4.1.9. ... many others

5. Windows API Exploitation Recipes for Red-Blue Teams: http://www.pentesteracademy.com/course?id=31