Windows-based access token command execution method and system

The invention provides a command execution method and system based on a Windows access token, and the method comprises the steps: calling a preset function through a preset process enumeration module, and carrying out the enumeration operation of a to-be-injected process, so as to obtain a specified...

Full description

Saved in:
Bibliographic Details
Main Authors LI FEIYANG, XIA YUMING, LIU ZURONG, ZHANG ZHEN, YANG JING, HU SHAOYONG, GU SHUN
Format Patent
LanguageChinese
English
Published 31.10.2023
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:The invention provides a command execution method and system based on a Windows access token, and the method comprises the steps: calling a preset function through a preset process enumeration module, and carrying out the enumeration operation of a to-be-injected process, so as to obtain a specified process; acquiring the permission of the specified process and the permission of the simulation token, and injecting the specified process into the simulation token through a preset read and write anonymous pipeline, so that the permission of the simulation token is consistent with the permission of the specified process; and simulating the user security context of the login user, copying the current simulation token, creating a sub-process, executing a token access command by using the current simulation token, and performing data reading and closing operation on the preset reading and writing anonymous pipeline. According to the method, the technical problems that a vulnerability stealing reproduction means is e
Bibliography:Application Number: CN202310779849