4.0
AppVisor 1.0.43
http://publisher.appvisor.com
Portable Application Description, or PAD(TM) 2004 Association of Software Professionals (ASP)http://www.asp-shareware.org/pad is a data set standard and specification that is commercialsoftware publishers to disseminate certified information about their software application. The PAD format is copyright of the ASP and cannot be used without the formal licensing and permission of both the Association of Software Professionals and its agent AppVisor.com.
N
CMP-60004E6416B1
APP-700086EE26B1
FALSE
TokenSnatcher
TokenSnatcher
pid-5000857006b1
bid-60004e6416b1
Skrubbeltrang & Platz ApS
Denmark
Region Syd
Middelfart
5500
Chr. Dannings Vej 62
Strib
https://skrubbeltrang.com
Morten
Skrubbeltrang
info@skrubbeltrang.com
Morten
Skrubbeltrang
info@skrubbeltrang.com
50104200
info@skrubbeltrang.com
info@skrubbeltrang.com
info@skrubbeltrang.com
50104200
50104200
50104200
50104200
Y
N
app-700086ee26b1
TokenSnatcher
1.0.1
03
05
2019
0
Freeware
System Utilities::Other
Utilities :: Miscellaneous,Security Tools :: PC Access Control
New Release
No Install Support
Windows
Win2000,WinXP,Win7 x32,Win7 x64,Windows 8,Windows 10,WinServer,WinOther,WinVista,WinVista x64
English
First release
Windows 8, Windows Server 2008 or later
No limitations
57344
56
0.05
N
https://www.easy365manager.com/tokensnatcher-run-as-system/
https://www.easy365manager.com/tokensnatcher-run-as-system/
https://www.easy365manager.com/wp-content/uploads/TokenSnatcher_Screenshot-1024x478.jpg
http://www.easy365manager.com/wp-content/uploads/TokenSnatcher_Icon_small.png
http://repository.appvisor.com/info/app-700086ee26b1/TokenSnatcher_pad.xml
https://www.youtube.com/watch?v=k1vDlIwq-v4
https://easy365mgr.azurewebsites.net/Software_TokenSnatcher/TokenSnatcher.exe
security,token,sid,impersonation,identity,theft,hacking,tweaking,privilege,elevation
Windows privilege elevation exposed.
TokenSnatcher allows you to start a process as another administrator.
TokenSnatcher allows you to start up any application using the identity of other administrators logged on to the system. The process is fully network capable so it allows you to use the credentials to connect to external ressources.
TokenSnatcher allows you to start up any application using the identity of other administrators logged on to the system. The process is fully network capable so it allows you to use the credentials to connect to external resources like file shares, Active Directory, etc. You must have local administrator rights, but you don't need any domain rights. This practically means you can become domain admin if a domain admin is logged on to your system.
TokenSnatcher will allow any local administrator to view all identities running a process with high or system integrity level. If desired, the user can then select any of the ID's after which TokenSnatcher will start a command prompt running as the selected ID. Any application started from the command prompt will inherit the ID. The process is fully network capable so it allows you to use the credentials to connect to external resources like file shares, Active Directory, etc. You must have local administrator rights, but you don't need any domain rights. This practically means you can become domain admin if a domain admin is logged on to your system.
The software is provided as-is. Use at your own risk. You're not allowed to redistribute the software or reverse engineer the code.
Skrubbeltrang & Platz ApS Software License Terms
THIS APPLICATION IS PROVIDED FOR EDUCATIONAL PURPOSES. DO NOT RUN IT ON ANY SYSTEM WITHOUT THE EXPLICIT ACCEPTANCE OF THE SYSTEM OWNER. DOING SO COULD GET YOU FIRED OR WORSE!
These license terms are an agreement between Skrubbeltrang & Platz ApS and you. Please read them. They apply to the software you are downloading from tokensnatcher.com.
BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.
If you comply with these license terms, you have the rights below.
Installation and User Rights
You may install and use any number of copies of the software on your devices.
Scope of License
The software is licensed, not sold. This agreement only gives you some rights to use the software. Skrubbeltrang & Platz ApS reserves all other rights.
You may not
* reverse engineer, decompile or disassemble the software
* make more copies of the software than specified in this agreement
* publish the software for others to copy
* rent, lease or lend the software
* transfer the software or this agreement to any third party
* use the software for commercial software hosting services.
Support Services
Because this software is as-is, we may not provide support services for it.
Disclaimer of Warranty
The software is licensed as-is. You bear the risk of using it. Skrubbeltrang & Platz ApS gives no express warranties, guarantees or conditions.
Limitation on and Exclusion of Remedies and Damages
You can recover from Skrubbeltrang & Platz ApS and its suppliers only direct damages up to U.S. $0.01. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.
This limitation applies to
* anything related to the software, services, content (including code) on third party Internet sites, or third party programs and
* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Skrubbeltrang & Platz ApS knew or should have known about the possibility of the damages.
Morten
Skrubbeltrang
info@skrubbeltrang.com
15 years ago...
...I wrote my first token snatching application as a leisure time experiment - the application would simply pop up a SYSTEM command console by 'borrowing' a token from a SYSTEM process. Shortly thereafter I quit IBM and started working as an independent contractor providing Microsoft Infrastructure Services to some of the largest companies in Denmark, and forgot all about it.
Years went by, both Windows and myself have aged well, and after completing my last +10 year assignment with a major international client I finally found the time to try and take token snatching to a new level.
The result seen in TokenSnatcher version 1.0, available for free on http://tokensnatcher.com, is a little bit shocking I think. It makes it very obvious that a lot of scenarios seen in major companies makes a perfect setup for privilege elevation, data theft and disruption.
The techniques used by TokenSnatcher are purely based on Windows API calls. Although used creatively, there are no hacks like buffer overruns or similar. This also means there's no patch coming up. It's simply a side effect of how the Windows operating system is designed.
So, my advice to you is to UNDERSTAND the threat, ANALYZE your exposure to the threat and PROTECT your company. If followed through, not only will you have better protection from inside attacks but you will also make it more difficult for an outside attacker to reach a critical level of privileges.
Morten Skrubbeltrang
Independent Infrastructure Consultant
windows,security,access,token,privilege,elevation,impersonation,hacking,exposed
Windows Privilege Escalation Exposed
The TokenSnatcher application exposes a way to start processes as other users which is not well known. Understand how it works in order to protect yourself.
http://tokensnatcher.com
TokenSnatcher
http://www.easy365manager.com/tokensnatcher-run-as-system/
TokenSnatcher,security,windows,impersonation,privilege,elevation,token,process,system,hacking,tweaking,admin,administrator
This site promotes awareness about Windows privilege elevation to IT professionals.
This site promotes awareness about Windows privilege elevation to IT professionals in order to enable them to better protect themselves against attackers.
This site promotes awareness about Windows privilege elevation to IT professionals in order to enable them to better protect themselves against attackers.
Morten
Skrubbeltrang
info@skrubbeltrang.com
N
TRUE
TRUE
FALSE
http://repository.appvisor.com/
TokenSnatcher_pad.xml
https://easy365mgr.azurewebsites.net/Software_TokenSnatcher/TokenSnatcher.exe
TokenSnatcher.exe