15 years ago...
...I wrote my first token snatching application, PowerPrompt, as a leisure time experiment - the application would simply pop up a SYSTEM command console by "borrowing" a token from a SYSTEM process. Shortly thereafter I quit IBM and started working as an independent contractor providing Microsoft Infrastructure Services to some of the largest companies in Denmark, and forgot all about it.
Years went by, and both Windows and I have aged well 🙂 After completing my last 10+ year assignment with a major international client, I finally found the time to try to take token snatching to a new level.
The result, TokenSnatcher version 1.0, available for free in the download section, is A LITTLE BIT SHOCKING! It makes it very obvious that a lot of scenarios seen in major companies make a perfect setup for privilege escalation, data theft and disruption. There is VERY LITTLE AWARENESS about this among IT admins!
The techniques used by TokenSnatcher are purely based on documented Windows API calls. Although used creatively, there are no hacks like buffer overruns or similar memory corruption. This also means there is no patch coming: it is simply a side effect of how the Windows operating system is designed.
My advice to you is to UNDERSTAND the threat, ANALYZE your exposure to the threat and PROTECT your company. If followed through, not only will you have better protection from inside attacks but you will also make it more difficult for an outside attacker to reach a critical level of privileges.
Independent Infrastructure Consultant