What is TokenSnatcher
Token Snatcher is not a solution to resolve this problem. It will not protect your local network from anyone who might want to steal identities. However, it allows an admin user to understand how Token Snatching works. When you run Token Snatcher, it will help you take the identity of another user, and execute a command or use a service under his name.
1] Download & Run TokenSnatcher program
Download it, extract its contents and then run it. It will give you a warning message, but run it either way. It will then load the program which will reveal a list of accounts with local admin privileges on your computer.
On the top, notice where it says “Snatching token from.” The process steals the token which will help users steal the identity of another local admin user.
2] Switch identity and test
To use the credentials of any logged-in administrator, follow the instructions on the main screen. Token Snatcher is smart enough to locate and list all administrators, so choose the one you want and move forward. The current version offers you to select credentials from processes that are running as Administrator, i.e., with High or System Integrity Level. Do watch the video for clarity. Its more of analysis tool which can help you determine how much harm a local admin can do to the system using this technique.
3] Gain more information
Once you’ve run the command prompt in the security context of the local admin you’ve targeted using Token Snatcher, you’ll come across a bunch of information from the management server. Now, bear in mind that any process launched from the new command prompt will inherit the credentials of the local user. The server admin can use this to launch active directories and computers if he or she chooses to do so. Additionally, the server admin can make modifications and do whatever the local user can do among other things. What’s interesting here is the fact that Token Snatcher provides an event logger for the primary admin to see what had taken place beforehand. Map out permissions Overall, we should point out that Token Snatcher should not be used as the only tool in your arsenal to fight against Token Snatching. The most important thing is to ensure that you’re not exposing critical privileges via running processes. The official website suggests following these steps to get an overview of your exposure. You should map out three different areas of your infrastructure: Download the tool right now via the official website at www.tokensnatcher.com.
