{"id":18863439,"url":"https://github.com/blackarrowsec/handly","last_synced_at":"2025-07-12T03:38:55.267Z","repository":{"id":215620743,"uuid":"731674036","full_name":"blackarrowsec/Handly","owner":"blackarrowsec","description":"Abuse leaked token handles.","archived":false,"fork":false,"pushed_at":"2023-12-14T16:01:57.000Z","size":57,"stargazers_count":131,"open_issues_count":0,"forks_count":13,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-28T02:11:10.541Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackarrowsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-14T15:58:20.000Z","updated_at":"2025-01-02T23:26:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"77a5bf7c-6976-4241-aa5b-a17d18bcdeda","html_url":"https://github.com/blackarrowsec/Handly","commit_stats":null,"previous_names":["blackarrowsec/handly"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2FHandly","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2FHandly/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2FHandly/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2FHandly/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackarrowsec","download_url":"https://codeload.github.com/
blackarrowsec/Handly/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248886310,"owners_count":21177643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T04:37:32.553Z","updated_at":"2025-04-14T13:06:13.427Z","avatar_url":"https://github.com/blackarrowsec.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Handly\n[![](https://img.shields.io/badge/Category-Lateral%20Movement-E5A505?style=flat-square)]() [![](https://img.shields.io/badge/Category-Privilege%20Escalation-E5A505?style=flat-square)]() [![](https://img.shields.io/badge/Language-.NET%20%2f%20Python-E5A505?style=flat-square)]()\n\nLeverage leaked token handles to perform privilege escalation. This technique is detailed in [this post](https://www.tarlogic.com/blog/token-handles-abuse-one-shell-to-handle-them-all/).\n\nThe technique is implemented for the following technologies:\n* **IIS**: A simple ASPX webshell is provided that lists the available user tokens and allows impersonating them to run an arbitrary executable present on the compromised host.\n* **MSSQL**: A Python script is provided that loads several C# assemblies, which allow manipulating the user tokens available in the MSSQL process memory. 
\n\n#\n\n[![](https://img.shields.io/badge/www-blackarrow.net-E5A505?style=flat-square)](https://www.blackarrow.net) [![](https://img.shields.io/badge/twitter-@BlackArrowSec-00aced?style=flat-square\u0026logo=twitter\u0026logoColor=white)](https://twitter.com/BlackArrowSec) [![](https://img.shields.io/badge/linkedin-@BlackArrowSec-0084b4?style=flat-square\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/company/blackarrowsec/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Fhandly","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackarrowsec%2Fhandly","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Fhandly/lists"}