CyberCode Academy

Course 25 - API Python Hacking | Episode 6: Privilege Modification and User Impersonation

In this lesson, you’ll learn about:

  • Programmatic Privilege Modification
    • How to use the AdjustTokenPrivileges API to enable or disable specific privileges
    • Understanding the TOKEN_PRIVILEGES structure and how privilege attributes are modified
    • Enabling critical privileges like SeDebugPrivilege to allow advanced system access
  • Preparing for Token Manipulation
    • Identifying a target process or user through window handles or process IDs (PID)
    • Elevating your script’s permissions to allow interaction with protected system processes
    • Understanding why privilege elevation is required before duplicating tokens
  • Token Duplication Process
    • Using DuplicateTokenEx to create a new primary token from an existing process's token
    • Understanding how duplicated tokens inherit the identity and permissions of the original user
    • Preparing duplicated tokens for use in launching new processes
  • Launching Processes Under a Different Identity
    • Using CreateProcessWithToken to start applications (e.g., cmd.exe) under another user’s context
    • Understanding how impersonation allows execution with different privilege levels
    • Observing how processes can run with the security context of another active user or system account
  • Key Outcome
    • Understanding how Windows tokens can be modified, duplicated, and used for impersonation
    • Building the foundation for creating tools that perform privilege escalation, impersonation, and advanced system interaction

