Part 5 - Using Incognito

Time
5 hours 38 minutes
Difficulty
Intermediate
Video Description

This brief lesson discusses how useful it is, after you have successfully exploited a system, to impersonate other users. The tool for this is called incognito, and it is built into the Meterpreter shell as well as the Metasploit framework. Participants learn step-by-step instructions for loading incognito in order to add users to existing groups and list all tokens.

Video Transcription
00:04
Okay, so going a little bit further, along with some of the things we've been looking at, um,
00:11
we've seen how to get a system account.
00:13
And
00:15
but one thing that we haven't talked about is the usefulness, after you have exploited a system, of impersonating other users.
00:22
And one of the tools that we can use for this
00:27
is called incognito.
00:30
And this is, ah, a tool that's been built into the Meterpreter shell as well as the Metasploit framework. Used to be a standalone tool.
00:38
But now it's integrated.
00:40
Anyway, we can see that my, uh, UID is still
00:44
NT AUTHORITY\SYSTEM.
00:47
And
00:49
what I can do now
00:51
is just load incognito and just say, I want you to use it.
00:59
So the extension's now loaded. I can run the help command
01:03
and we see I've got various things here.
01:06
I can add users to groups that already exist.
01:11
I can, uh, use off. Well, one thing I wanna do first, well, is list all my tokens.
01:19
So there's a group name option and username. We'll look at the group names first, see what that comes up.
01:27
So these are all the tokens that exist on this system.
01:30
Remember, I'm running this with system level privileges,
01:34
so that's why I'm able to access such a large amount of information.
01:41
So all my administrators, all my regular users, all my service
01:47
accounts, they're all showing here.
01:49
And if I run -u, I can look at the individual users.
01:55
My administrator account is right here.
01:57
But then I also have NT AUTHORITY\SYSTEM, which I'm
02:00
ah, currently running under.
02:06
But I may want to impersonate the administrator account
02:09
for doing things like
02:13
running, you know, connecting to a network drive or logging into a session.
02:17
Something of that nature.
02:20
So you have two different kinds of tokens. One's a delegate token,
02:24
and one is an impersonate token.
02:28
The delegate token lets you
02:30
deal with things like I just said, we're logging into a, uh
02:35
uh,
02:36
network drive, something that's not interactive.
02:38
Impersonate token, on the other hand, lets you do interactive things like run commands within a shell, for instance.
02:46
So what I can do
02:49
since I know I've got an administrator here, I can try to impersonate
02:55
so impersonate token
02:59
and
03:00
be copying and pasting this
03:05
A little caveat: you do have to use an extra
03:08
slash
03:09
because it'll cause parsing errors if you don't do that.
03:15
All right, So now it tells me that I have successfully impersonated the administrator account, which happens to be called I'II user.
03:22
And if I run getuid, we see that indeed I have. I've become the administrator.
03:29
So those were useful. I can do things like, for instance, I can use the execute command
03:37
The command I want to execute is cmd.exe, which is a Windows login shell. Sorry, Windows command shell
03:46
and I also want to
03:51
run that interactively
03:53
and I'm doing this from within Meterpreter.
03:57
And I can prove that I have become the administrator by just simply opening up a command shell
04:03
saying the families bond with red impersonation.
04:12
But I am still the administrator, so that did work.
04:15
So very useful. You may need to impersonate other users
04:18
for other different reasons. And one nice thing about this impersonation process,
04:24
the way that is being done by using the tokens, is that you don't need to deal with hashes, and you don't need to deal with credentials,
04:30
so it makes it a lot more stealthy if you're doing pen testing and trying to sneak around without detection.
04:36
All right, thanks. We'll see you in the next section.