Skip to content

Latest commit

 

History

History
85 lines (75 loc) · 3.15 KB

whoami.md

File metadata and controls

85 lines (75 loc) · 3.15 KB
Raw

whoami

token::whoami displays the current token.

It has the following argument:

  • /full: Display more information about groups and privileges. The argument can actually be anything (e.g./bar).

Display current token:

mimikatz # token::whoami
 * Process Token : {0;0030f129} 4 F 38912331    SERVER01\tmassie    S-1-5-21-755659916-1915924768-2761631771-1001   (15g,24p)       Primary
 * Thread Token  : no token
  • For more information about the output, see token::list.
  • By default, there is no thread token (impersonation token) and only a process token (prmary token).

The /full parameter can be used to display more information about groups (G) and privileges (P):

mimikatz # token::whoami /full
 * Process Token : {0;04cfeb5e} 2 F 80775900    client1\tmassie        S-1-5-21-1064812226-1257287110-2416274546-1001  (14g,24p)       Primary
   G:[MDE    ] client1\None
   G:[MDE    ] Everyone
   G:[MDE    ] NT AUTHORITY\Local account and member of Administrators group
   G:[MDE    ] BUILTIN\Users
   G:[MDEO   ] BUILTIN\Administrators
   G:[MDE    ] BUILTIN\Remote Desktop Users
   G:[MDE    ] NT AUTHORITY\INTERACTIVE
   G:[MDE    ] NT AUTHORITY\Authenticated Users
   G:[MDE    ] NT AUTHORITY\This Organization
   G:[MDE    ] NT AUTHORITY\Local account
   G:[MDE  L ] NT AUTHORITY\LogonSessionId_0_624261
   G:[MDE    ] LOCAL
   G:[MDE    ] NT AUTHORITY\NTLM Authentication
   G:[       ] Mandatory Label\High Mandatory Level
   P:[    ]    SeIncreaseQuotaPrivilege
   P:[    ]    SeSecurityPrivilege
   P:[    ]    SeTakeOwnershipPrivilege
   P:[    ]    SeLoadDriverPrivilege
   P:[    ]    SeSystemProfilePrivilege
   P:[    ]    SeSystemtimePrivilege
   P:[    ]    SeProfileSingleProcessPrivilege
   P:[    ]    SeIncreaseBasePriorityPrivilege
   P:[    ]    SeCreatePagefilePrivilege
   P:[    ]    SeBackupPrivilege
   P:[    ]    SeRestorePrivilege
   P:[    ]    SeShutdownPrivilege
   P:[    ]    SeDebugPrivilege
   P:[    ]    SeSystemEnvironmentPrivilege
   P:[DE  ]    SeChangeNotifyPrivilege
   P:[    ]    SeRemoteShutdownPrivilege
   P:[    ]    SeUndockPrivilege
   P:[    ]    SeManageVolumePrivilege
   P:[DE  ]    SeImpersonatePrivilege
   P:[DE  ]    SeCreateGlobalPrivilege
   P:[    ]    SeIncreaseWorkingSetPrivilege
   P:[    ]    SeTimeZonePrivilege
   P:[    ]    SeCreateSymbolicLinkPrivilege
   P:[    ]    SeDelegateSessionUserImpersonatePrivilege
 * Thread Token  : no token

Displayed information:

  • *: Token Type
    • Process Token: Primary Token
    • Thread Token: Impersonation Token
  • G: Group Information
    • List of assigned groups to the token (source: kuhl_m_token.c)
    • M: Mandatory
    • D: Enabled by Default
    • E: Group Enabled
    • O: Group Owner
    • U: Group Use for Deny Only
    • L: Group Logon ID
    • R: Group Resource
  • P: Privilege Information
    • List of privileges for this token (source: kuhl_m_token.c)
    • D: Privilege Enabled by Default
    • E: Privilege Enabled
    • R: Privilege Removed
    • A: Privilege used for Access