Created May 7, 2015 08:16 (gist hacksysteam/dbcc64ce865b2faf43fd)
Token Stealing Using WinDBG
kd> !process 8570b5e8 1
PROCESS 8570b5e8 SessionId: 1 Cid: 025c Peb: 7ffdf000 ParentCid: 0704
    DirBase: 3eea5340 ObjectTable: 953b8570 HandleCount: 21.
    Image: cmd.exe
    VadRoot 8553ba60 Vads 37 Clone 0 Private 135. Modified 0. Locked 0.
    DeviceMap 92b1bc80
    Token 953b6030
    ElapsedTime 00:02:53.332
    UserTime 00:00:00.000
    . . .