In this recipe, we will impersonate another user on a network by using impersonation tokens. Tokens contain the security information for a login session and identifies the user, the user's groups, and the user's privileges. When a user logs into a Windows system, they are given an access token as a part of their authenticated session. Token impersonation allows us to escalate our privileges by impersonating that user. A system account, for example, may need to run as a domain administrator to handle a specific task and it generally relinquishes its elevated authority when done. We will utilize this weakness to elevate our access rights.
To execute this recipe we will need the following:
A connection to the Internet or intranet
A victim target machine is also required