blackarrowsec/Handly

Handly

Leverage leaked token handles to perform privilege escalation. This technique has been detailed in this post.

The technique is implemented for the following technologies:

  • IIS: A simple ASPX webshell is provided that lists the available user tokens and allows impersonating them to run an arbitrary executable present on the compromised host.
  • MSSQL: A Python script is provided that loads several C# assemblies, which allow manipulating the user tokens available in the MSSQL process memory.