Don't use Mimikatz 🥝, build your own | Token Impersonation скачать в хорошем качестве

Don't use Mimikatz 🥝, build your own | Token Impersonation

github repo : https://github.com/Ximoxkil547/Amacho ----------------------------------------------------------------------------------------- The content in this video is for educational purposes only. We do not promote or condone any illegal activity or hacking without the expressed written consent of the target. Any actions taken by viewers based on the content of this video is solely at their own risk and we will not be held liable for any damages or legal consequences that may arise. ---------------------------------------------------------------------------------------- one of the mimikatz functionalities is impersonating an administrator or a hight privilege user, by taking adventage of the SeImpersonatePrivilege, and in to days video we gonna learn how to do it from scratch instead of being a script kidde and just executing an allready existing tool. so let's get started. -------------------------------------------------------------------------------------------- Title: Token Impersonation | Escalating Privileges & Spawning Processes | C++ Exploitation Tutorial Description: 🔒 Unlock the power of token impersonation and learn how to escalate privileges and spawn processes using C++ in this comprehensive cybersecurity tutorial! 🔒 🔑 Have you ever wondered how attackers leverage the "SeImpersonate" privilege after compromising an account on a domain? 🕵️‍♂️ Discover the secrets behind "whoami /priv" and explore the powerful tools like "mimikatz token:elevate" and "juicy potato" that exploit this privilege to escalate privileges and gain system-level access! 🔑 💡 In this detailed video, we delve deep into the intricacies of token impersonation, teaching you the fundamentals and walking you through the entire process step-by-step. We'll explain the core concepts before diving into coding, making it accessible to both beginners and experienced cybersecurity enthusiasts! 💡 ⚙️ Explore the core concepts of token impersonation, its underlying mechanisms, and the vulnerabilities it exploits in the Windows operating system. Witness how this privilege can be harnessed to extract access tokens from processes running under system privileges and spawn new processes with elevated privileges like cmd or a reverse shell. ⚙️ 📜 Our in-depth tutorial will guide you through the coding part using C++, ensuring you grasp the implementation details thoroughly. Gain hands-on experience as we build a powerful tool to demonstrate token impersonation in action! 📜 📚 In this educational video, we cover: ✅ Understanding the "SeImpersonate" privilege and its significance in privilege escalation attacks. ✅ Introduction to "whoami /priv" and identifying users with "SeImpersonate" privilege. ✅ Utilizing "mimikatz token:elevate" and "juicy potato" to leverage token impersonation. ✅ Writing C++ code to exploit token impersonation, spawn new processes, and gain system-level access. ✅ Step-by-step walkthrough of the entire process, making it easy to follow along. ✅ Insights into real-world implications and security best practices to safeguard against token impersonation attacks. 🔔 Stay ahead in cybersecurity #TokenImpersonation #PrivilegeEscalation #CPlusPlusExploitation #CybersecurityTutorial #HackingSkills #EthicalHacking #PenetrationTesting #CybersecurityEnthusiast #ReverseShell #mimikatz #WindowsExploitation #OffensiveSecurity #CybersecurityEducation #SecurityTools #InfoSec #TechExploration #LearnCPlusPlus #CyberWarfare #CyberAwareness #SecurityAwareness #StaySecure #HackWithMe #CyberSkills #SecurityProfessionals #SecurityCommunity #StaySafeOnline ---------------------MENU--------------------------- 00:00 - intro 00:20 - recap of the last video 00:49 - Access token types 01:11 - Impersonation token 01:18 - mssql example 02:56 - what happens if i was able to compromise the sqlsvc user 03:20 - HTB lab where we gonna test our exploit 05:02 - what is the first thing to do? 05:09 - building the hasSeImpersonatePrivilege function 09:27 - testing our first function 10:12 - building the process enumeration function 13:21 - create the getprocessinfo function 16:45 - explaining inherit handles with the notepad example 17:13 - back to the getprocessinfo function 17:21 - create the deallocate process info function 17:53 - back to the getprocessinfo function 20:05 - visualization of allocating memory in the heap of a process 22:43 - combine domain user name function 24:16 - get back to the enumerate processes function 25:10 - testing the function in the main 26:27 - create the ImpersonateTokenAndSpawnNewProcess function 29:38 - Explaining the Impersonation levels from msdn 30:06 - get back to code 32:20 - test in the main