3. Use the Read Primitive to steal a System Token and make it work from low integrity as well
19
19
4. Clean it up and make it less noisy by masking current privs ONLY by adding SeImpersonate only using the Read Primitive + a mask of "SeImpersonatePrivilege" : 0x00000001d
20
20
5. Make it dnymically work with all version of windows without hardcoding SE_TOKEN_PRIVILEGES offset
21
+
22
+
This exploit is for educational purposes only. Please do not use this where you do not have permission.
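Review bot: The disclaimer added at new line 22 is separated from numbered item 5 only by the blank line added at 21, so it reads as a continuation of the list; put it under its own heading or move it to the top of the file so it is seen before the steps. While this part of the file is being touched, the neighbouring context lines also need a pass: item 5 has "dnymically" and "all version of windows", and the mask in item 4 is written as "0x00000001d", where the trailing "d" leaves the value ambiguous (either a stray character or a missing digit).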