Sorry. Let me explain again. What i mean is before the machine was compromised, I used that machine to access share network with an administrator account. When the machine was compromised and metepreter was launched, I couldn't find any delegated token which was supposed to exist coz of the machine accessing the network share at that time.However, when I tried to access the network share on the compromised machine (from the same machine) with other administrator accounts, I could see the delegete tokens.
The meterpreter was launched with SYSTEM access. Hope it is clear this time. natron wrote: > Sounds like it worked as expected. If you gained access to a > different machine with an impersonated token, it worked. > > Also as expected, that delegated account does not have SYSTEM level > access on the remote machine, so you didn't see all tokens on that > machine. > > -N > > On Fri, Jan 23, 2009 at 3:32 AM, Robert <robert.mail...@gmail.com> wrote: > >> I tried token impersonation with incognito but it seems didn't work. >> When a compromised machine access the network share on a different >> machine, none of the delegate token listed. However, when a local >> connection is made on the same machine, I could find the token to >> impersonate. >> >> Any idea ? >> >> _______________________________________________ >> Framework-Hackers mailing list >> Framework-Hackers@spool.metasploit.com >> http://spool.metasploit.com/mailman/listinfo/framework-hackers >> >> > > _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
