Metasploit mailing list archives
Re: rev2self vs drop_token?
From: Matt Weeks <scriptjunkie () scriptjunkie us>
Date: Wed, 1 Apr 2015 08:06:50 -0500
1. Meterpreter can hold a token that it will use when spawning off any new threads or processes using Meterpreter functionality. drop_token tells Meterpreter to release that token and go back to the Windows token. Windows itself natively handles various tokens as well; say you had exploited a process that runs as SYSTEM serving a named pipe that had called ImpersonateNamedPipeClient; you would be running as the impersonated user, which may not be privileged. So you need to drop the Windows token by calling the RevertToSelf Windows function call. So the Meterpreter RevertToSelf not only drops the Meterpreter token, it also calls RevertToSelf() to drop any temporary Windows tokens.

2. steal_token steals a token from the process specified by ID; impersonate_token looks for a token specified by user name to steal from the entire system.

3. Yes

-- http://www.scriptjunkie.us/
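The two token layers the reply describes, as an added model that is not Meterpreter's own code: a Windows impersonation token set on the thread and a separate token that Meterpreter holds for the threads and processes it spawns. The session class, the method names and the process table are constructed for this illustration.

```python
"""Constructed model of the token layers discussed above (not Meterpreter code).
Shows why drop_token alone can leave a session running as a pipe client."""
from dataclasses import dataclass
from typing import Optional

# Constructed process table: pid -> (image name, user the primary token belongs to)
PROCESSES = {
    4: ("System", "NT AUTHORITY\\SYSTEM"),
    812: ("svchost.exe", "NT AUTHORITY\\SYSTEM"),
    2104: ("explorer.exe", "CORP\\alice"),
}


@dataclass
class Session:
    primary: str                         # token the exploited process started with
    impersonating: Optional[str] = None  # thread token set by ImpersonateNamedPipeClient
    stolen: Optional[str] = None         # token Meterpreter itself holds

    def whoami(self) -> str:
        """Identity used when Meterpreter spawns a new thread or process."""
        return self.stolen or self.impersonating or self.primary

    def impersonate_named_pipe_client(self, client: str) -> None:
        """The server-side call that leaves the thread running as the pipe client."""
        self.impersonating = client

    def steal_token(self, pid: int) -> str:
        """Take the primary token of one process, selected by pid."""
        if pid not in PROCESSES:
            raise KeyError(f"no such pid {pid}")
        self.stolen = PROCESSES[pid][1]
        return self.stolen

    def impersonate_token(self, user: str) -> str:
        """Search every process for one owned by `user`, then steal its token."""
        for pid, (_, owner) in PROCESSES.items():
            if owner.lower() == user.lower():
                return self.steal_token(pid)
        raise LookupError(f"no process found running as {user}")

    def drop_token(self) -> str:
        self.stolen = None           # releases only the Meterpreter token
        return self.whoami()         # any Windows impersonation token is still in effect

    def rev2self(self) -> str:
        self.stolen = None
        self.impersonating = None    # the RevertToSelf() step: back to the primary token
        return self.whoami()
```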