Mister-Joe/StealToken

StealToken

If a process is running as a domain admin on a host that you have local admin on, this tool can impersonate their process token and either create a new domain admin or create a new domain computer with DS-Replication-Get-Changes and DS-Replication-Get-Changes-All extended rights.

Usage

StealToken.exe --help

  -d, --domain      Required. The domain your target user belongs to.

  -u, --username    Required. The username of your target.

  --da              Required. Create a new user and add them to the Domain Admins group.

  --computer        Required. Create a new computer with DS-Replication-Get-Changes and
                    DS-Replication-Get-Changes-All extended rights.

  --help            Display this help screen.

  --version         Display version information.

Default Credentials

Change these in the source before building. A simple find & replace should suffice.

  • KeepCalm:SN3J3tQfC$otu!sO (Domain Admin)
  • KeepCalm$:SN3J3tQfC$otu!sO (Computer)
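A detection sketch for the two outcomes described above, added here as an example and not part of the StealToken project. It correlates Windows Security log events 4720/4741 (account created), 4728 (member added to a global group) and 5136 (directory object modified); the simplified event dicts, SIDs, the `WS-TEMP$` name and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Control-access-right GUIDs for the two extended rights named in the README.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
README_DEFAULT_NAMES = {"keepcalm", "keepcalm$"}  # default account names listed above
WINDOW = timedelta(minutes=10)  # assumed correlation window
# Object-allow ACE in SDDL: (OA;flags;rights;object-guid;inherit-guid;trustee-sid)
ACE = re.compile(r"\(OA;[^;]*;[^;]*CR[^;]*;([0-9a-f-]{36});[^;]*;(S-[\d-]+)\)", re.I)

def detect(events):
    """Return (rule, account) findings from simplified Security-log dicts."""
    created, findings = {}, []  # created: SID -> (name, creation time)
    def fresh(sid, now):
        return sid in created and now - created[sid][1] <= WINDOW
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] in (4720, 4741):  # user / computer account created
            created[ev["sid"]] = (ev["name"], ev["time"])
            if ev["name"].lower() in README_DEFAULT_NAMES:
                findings.append(("readme-default-name", ev["name"]))
        elif ev["id"] == 4728 and ev["group"] == "Domain Admins":
            if fresh(ev["member_sid"], ev["time"]):
                findings.append(("new-user-in-domain-admins", created[ev["member_sid"]][0]))
        elif ev["id"] == 5136 and ev["attribute"] == "nTSecurityDescriptor":
            granted = {}  # trustee SID -> replication rights granted in this change
            for guid, sid in ACE.findall(ev["value"]):
                if guid.lower() in REPL_RIGHTS:
                    granted.setdefault(sid, set()).add(REPL_RIGHTS[guid.lower()])
            for sid, rights in granted.items():
                if len(rights) == 2 and fresh(sid, ev["time"]):
                    findings.append(("new-account-granted-replication", created[sid][0]))
    return findings

# Constructed sample events (timestamps, SIDs and names are made up).
T0 = datetime(2024, 1, 1, 12, 0, 0)
NEW_USER, NEW_PC, OLD = ("S-1-5-21-1-2-3-%d" % rid for rid in (1601, 1602, 1105))
SAMPLE = [
    {"id": 4720, "time": T0, "name": "KeepCalm", "sid": NEW_USER},
    {"id": 4728, "time": T0 + timedelta(seconds=2), "group": "Domain Admins", "member_sid": NEW_USER},
    {"id": 4741, "time": T0 + timedelta(minutes=1), "name": "WS-TEMP$", "sid": NEW_PC},
    {"id": 5136, "time": T0 + timedelta(minutes=2), "attribute": "nTSecurityDescriptor",
     "value": "D:" + "".join(f"(OA;;CR;{g};;{NEW_PC})" for g in REPL_RIGHTS)},
    {"id": 4728, "time": T0 + timedelta(hours=3), "group": "Domain Admins", "member_sid": OLD},
]
```

The name match only catches builds that kept the README defaults; the two correlation rules do not depend on the account name.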

Add Domain Admin Example

[Screenshots: adding a domain admin]

Add Domain Computer Example

[Screenshots: adding a domain computer]

About

Escalate your privileges from local admin to domain admin through process token impersonation.
