Incognito attacks with Meterpreter
Incognito allows us to impersonate user tokens. It was first integrated into Metasploit first, then to Meterpreter. In this recipe, we will be covering Incognito and use cases.
Note
Tokens are similar to web cookies. They are also similar to temporary keys, which allow us to enter the system and network without having to provide authentication details each time. Incognito exploits this by replaying that temporary key when asked to authenticate.There are two types of tokens: delegate
and impersonate
. delegate
tokens are for interactive logins, whereas impersonate
tokens are for noninteractive sessions.
How to do it...
- In a Meterpreter session running with system privileges, before using Incognito, we will load the
incognito
Meterpreter extension, and then have a look at the available options:
meterpreter > load incognito Loading extension incognito...Success. meterpreter > help Incognito Incognito Commands ================== Command ...