Okay, so going a little bit further, along with some of the things we've been looking at, um,
we've seen how to get a system account,
but one thing that we haven't talked about is the usefulness, after you have exploited a system, of impersonating other users.
And one of the tools that we can use for this
is called Incognito.
And this is, ah, a tool that's been built into the Meterpreter shell as well as the Metasploit framework. It used to be a standalone tool,
but now it's integrated.
Anyway, we can see that my, uh, UID is still
NT AUTHORITY\SYSTEM.
I'll just load Incognito and just say I want to use it.
So the extension's now loaded. I can run the help command
and we see I've got various things here.
I can add users to groups that already exist.
I can, uh, use... Well, one thing I want to do first is list all my tokens.
So there's a group name option and a username option. We'll look at the group names first and see what comes up.
So these are all the tokens that exist on this system.
Remember, I'm running this with system level privileges,
so that's why I'm able to access such a large amount of information.
So all my administrators, all my regular users, all my service
accounts, they're all showing here.
And if I run -u, I can look at the individual users.
My administrator account is right here.
But then I also have NT AUTHORITY\SYSTEM, which I'm,
ah, currently running under.
But I may want to impersonate the administrator account
for doing things like
running, you know, connecting to a network drive or logging into a session.
Something of that nature.
So you have two different kinds of tokens. One's a delegate token,
and one is an impersonate token.
The delegate token lets you
deal with things like I just said, where you're logging into a, uh,
network drive, something that's not interactive.
The impersonate token, on the other hand, lets you do interactive things like run commands within a shell, for instance.
Since I know I've got an administrator here, I can try to impersonate.
One little caveat: you do have to use an extra
because it'll cause parsing errors if you don't do that.
All right, so now it tells me that I have successfully impersonated the administrator account, which happens to be called I'II user.
And if I run getuid, we see that indeed I have. I've become the administrator.
So those are useful. I can do things like, for instance, I can use the execute command.
The command I want to execute is cmd.exe, which is a Windows login shell. Sorry, Windows command shell,
and I also want to
run that interactively,
and I'm doing this from within Meterpreter.
And I can prove that I have become the administrator by just simply opening up a command shell.
saying the families bond with red impersonation.
But I am still the administrator, so that did work.
So, very useful. You may need to impersonate other users
for other different reasons. And one nice thing about this impersonation process,
the way that it's being done by using the tokens, is that you don't need to deal with hashes, and you don't need to deal with credentials,
so it makes it a lot more stealthy if you're doing pen testing and trying to sneak around without detection.
All right, thanks. We'll see you in the next section.