admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Impersonated user is displayed in the client UI and persisted in the team server database.

Browse Source
This commit is contained in:
Jakob Friedl
2025-10-17 13:01:12 +02:00
parent 0fc8ff3caa
commit 4a1a70da4d
11 changed files with 95 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/modules/token.nim
View File

@@ -16,7 +16,7 @@ let module* = Module(
description: protect("Create an access token from username and password."),
example: protect("make-token LAB\\john Password123!"),
arguments: @[
Argument(name: protect("domain\\username"), description: protect("Account domain and username."), argumentType: STRING, isRequired: true),
Argument(name: protect("domain\\username"), description: protect("Account domain and username. For impersonating local users, use .\\username."), argumentType: STRING, isRequired: true),
Argument(name: protect("password"), description: protect("Account password."), argumentType: STRING, isRequired: true),
Argument(name: protect("logonType"), description: protect("Logon type (https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types)."), argumentType: INT, isRequired: false)
],
@@ -63,6 +63,9 @@ when defined(agent):
if task.argCount == 3:
logonType = cast[DWORD](Bytes.toUint32(task.args[2].data))
# Revert current token before creating a new one
discard rev2self()
if not makeToken(userParts[1], password, userParts[0], logonType):
return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(protect("Failed to create token.")))
return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(fmt"Impersonated {username}."))