https://github.com/aquilao/gotokentheft
Token stealing tool written by Go. Bypass Kaspersky,Defender,Avira, etc./Go 编写的 Token 窃取工具。免杀卡巴、Defender、小红伞等杀软
https://github.com/aquilao/gotokentheft
token windows
Last synced: about 1 year ago
JSON representation
Token stealing tool written by Go. Bypass Kaspersky,Defender,Avira, etc./Go 编写的 Token 窃取工具。免杀卡巴、Defender、小红伞等杀软
- Host: GitHub
- URL: https://github.com/aquilao/gotokentheft
- Owner: Aquilao
- Created: 2021-07-29T03:06:14.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2025-01-16T02:20:00.000Z (over 1 year ago)
- Last Synced: 2025-03-28T23:05:15.414Z (about 1 year ago)
- Topics: token, windows
- Language: Go
- Homepage:
- Size: 17.6 KB
- Stars: 177
- Watchers: 3
- Forks: 20
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# GoTokenTheft
Go 编写的 Token 窃取工具,用于后渗透时在目标机器上使用不同的用户权限来执行程序和命令
> [!IMPORTANT]
>
> Token 窃取的前提是需要启用 `SeDebugPrivilege`,在大多数后渗透场景下是 `NT AUTHORITY\SYSTEM` 权限或者 `bypass UAC`之后的人类用户权限,比如`Administrator`
## 编译
Windows 下编译
```cmd
go build -o GoTokenTheft.exe main.go
```
跨平台编译
```bash
GOOS=windows GOARCH=386 CC="i686-w64-mingw32-gcc" go build -o GoTokenTheft.exe main.go
```
## 使用
### 快速上手
指定进程
Usage:
```
GoTokenTheft.exe -p -c
```
e.g.
```
GoTokenTheft.exe -p 114514 -c cmd.exe
```
指定用户
Usage:
```
GoTokenTheft.exe -u -c
```
e.g.
```
GoTokenTheft.exe -u "NT AUTHORITY\SYSTEM" -c cmd.exe
```
### 其他用法
查看系统内存在的所有`token`信息,包括权限和使用它的进程 pid,在实战场景下方便快速定位需要的`token`
```
GoTokenTheft.exe -t
```
查看系统内存在的所有进程信息,包括 pid 和进程名
```
GoTokenTheft.exe -p
```
查看帮助
```
GoTokenTheft.exe -h
```