https://github.com/blackarrowsec/handly
Abuse leaked token handles.
- Host: GitHub
- URL: https://github.com/blackarrowsec/handly
- Owner: blackarrowsec
- License: apache-2.0
- Created: 2023-12-14T15:58:20.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-14T16:01:57.000Z (over 2 years ago)
- Last Synced: 2025-03-28T02:11:10.541Z (over 1 year ago)
- Language: C#
- Homepage:
- Size: 55.7 KB
- Stars: 131
- Watchers: 2
- Forks: 13
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Handly
Leverage leaked token handles to perform privilege escalation. This technique has been detailed in [this post](https://www.tarlogic.com/blog/token-handles-abuse-one-shell-to-handle-them-all/).
The technique is implemented for the following technologies:
* **IIS**: A simple ASPX webshell is provided that lists the available user tokens and allows impersonating them to run an arbitrary executable present on the compromised host.
* **MSSQL**: A Python script is provided that loads several C# assemblies, making it possible to manipulate the user tokens available in the MSSQL process's memory.