Sorry. Let me explain again. What i mean is before the machine was
compromised, I used that machine to access share network with an
administrator account. When the machine was compromised and metepreter
was launched, I couldn't find any delegated token which was supposed to
exist coz of the machine accessing the network share at that
time.However, when I tried to access the network share on the
compromised machine (from the same machine) with other administrator
accounts, I could see the delegete tokens.
The meterpreter was launched with SYSTEM access.
Hope it is clear this time.
natron wrote:
> Sounds like it worked as expected. If you gained access to a
> different machine with an impersonated token, it worked.
>
> Also as expected, that delegated account does not have SYSTEM level
> access on the remote machine, so you didn't see all tokens on that
> machine.
>
> -N
>
> On Fri, Jan 23, 2009 at 3:32 AM, Robert wrote:
>
>> I tried token impersonation with incognito but it seems didn't work.
>> When a compromised machine access the network share on a different
>> machine, none of the delegate token listed. However, when a local
>> connection is made on the same machine, I could find the token to
>> impersonate.
>>
>> Any idea ?
>>
>> ___
>> Framework-Hackers mailing list
>> Framework-Hackers@spool.metasploit.com
>> http://spool.metasploit.com/mailman/listinfo/framework-hackers
>>
>>
>
>
___
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers