ToggleTokenPrivileges_BOF
September 14, 2021
What is this?
- An (almost) syscall-only BOF file intended to either add or remove token privileges within the context of your current process.
Who wrote it?
- Justin Lucas (@the_bit_diddler)
- Brad Campbell (@hackersoup)
What problem are you trying to solve?
- There are many boilerplate options to enable a specific subset of privileges; traditionally, this has been almost entirely centered around SE_DEBUG
- Why not let you, the operator have the power of choice? Pick to add-or-remove from an à la carte help menu.
How do I build this?
git clone https://github.com/EspressoCake/Toggle_Token_Privileges_BOF.git
cd Toggle_Token_Privileges_BOF/src
make
How do I use this?
- Load the Aggressor.cna file from the dist directory, after building
- Determine whatever relative privilege number (see the help menu) you wish to apply to your current process token
- From a given Beacon:
# Getting general help
syscall_enable_priv
# Adding a privilege (SE_DEBUG)
syscall_enable_priv 20
# Removing a privilege (SE_DEBUG)
syscall_disable_priv 20
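On the detection side, an added example (not part of this project's code): with the "Audit Token Right Adjusted" subcategory enabled, Windows logs Security event 4703 listing the privileges a process enabled or disabled, so the SE_DEBUG toggle shown above (SeDebugPrivilege in the event) can be picked out of exported event XML. The sample events, process paths, helper names and the WATCHED set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = {"SeDebugPrivilege"}  # assumption: privileges this triage cares about

def make_event(event_id, process, enabled="-", disabled="-"):
    """Build a constructed event in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="ProcessName">{process}</Data>'
        f'<Data Name="EnabledPrivilegeList">{enabled}</Data>'
        f'<Data Name="DisabledPrivilegeList">{disabled}</Data></EventData></Event>'
    )

# Constructed sample events, not captured from a real host.
SAMPLE_EVENTS = [
    make_event(4703, r"C:\Program Files\Example\agent.exe", enabled="SeDebugPrivilege"),
    make_event(4688, r"C:\Windows\System32\cmd.exe"),
    make_event(4703, r"C:\Windows\System32\svchost.exe",
               enabled="SeBackupPrivilege\n\t\t\tSeRestorePrivilege"),
    make_event(4703, r"C:\Program Files\Example\agent.exe", disabled="SeDebugPrivilege"),
]

def parse_4703(xml_text):
    """Return process and privilege sets for a 4703 event, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4703":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}

    def privs(key):
        # Lists are whitespace-separated; "-" marks an empty list.
        return {p for p in data.get(key, "").split() if p != "-"}

    return {"process": data.get("ProcessName", ""),
            "enabled": privs("EnabledPrivilegeList"),
            "disabled": privs("DisabledPrivilegeList")}

def find_toggles(events, watched=WATCHED):
    """List (process, privilege, action) for watched privileges, in log order."""
    findings, seen = [], set()
    for ev in filter(None, map(parse_4703, events)):
        for priv in sorted(ev["enabled"] & watched):
            seen.add((ev["process"], priv))
            findings.append((ev["process"], priv, "enabled"))
        for priv in sorted(ev["disabled"] & watched):
            action = "disabled-after-enable" if (ev["process"], priv) in seen else "disabled"
            findings.append((ev["process"], priv, action))
    return findings
```

An enable followed by a disable of the same privilege from one process is the pattern an add-then-remove workflow leaves behind; processes that legitimately hold SeDebugPrivilege will need allow-listing.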
I tend to touch the stove carelessly, how are you taking care of the injury-prone?
- Currently, the Aggressor script has safeguards
  - The current Beacon is checked to ensure that it is administrative, and an x64 process
What does the output look like?
Adding/Revoking Current Process Token Privileges
