The Impersonator Shell is a post-exploitation security assessment tool that leverages Windows token manipulation. This project combines the functionality of traditional penetration testing tools with advanced Windows API integration for seamless privilege escalation capabilities.
- Native Token Manipulation: Utilizes Windows API for token operations without requiring external tools.
- Zero External Dependencies: Operates using only native Windows components.
We are looking to expand the Impersonator Shell with the following:
- Dumping passwords with LSASS
- Maintaining Persistence with the Windows API
- Process Injection
gcc .\doexec.c .\main.c .\token_info.c .\winserver.c -o impersonator -lws2_32 %windir%\system32\advapi32.dll
- Process token acquisition
- Privilege elevation through SeImpersonatePrivilege
- Token impersonation and manipulation
- Command execution environment
- Session handling
- Issue Tracking: All changes must reference an existing issue
  - Create new issues for undocumented problems
  - Use detailed descriptions and steps to reproduce
- Build Process
  - Remove build artifacts before commits
  - Verify clean compilation
  - Update documentation for interface changes
The Impersonator Shell has been presented at the following conferences:
- BSides Austin 2024
- Wild West Hack Fest Mile High 2025
Build Your Own Shell (BYOS) Project
Understanding and Abusing Process Tokens — Part I