3 writeups tagged with Token Impersonation
IIS 6.0 WebDAV buffer overflow (CVE-2017-7269) for initial access. Token kidnapping / churrasco escalates to SYSTEM.
ColdFusion 8 arbitrary file upload RCE (CVE-2009-2265). MS10-059 (Chimichurri) token impersonation for privilege escalation.
WebDAV file upload with extension spoofing deploys an ASPX shell. Token impersonation via churrasco/juicy potato for SYSTEM.
