Links

whoami

token::whoami displays the current token.
It has the following argument:
  • /full: Display more information about groups and privileges. The argument can actually be anything (e.g./bar).
Display current token:
mimikatz # token::whoami
* Process Token : {0;0030f129} 4 F 38912331 SERVER01\tmassie S-1-5-21-755659916-1915924768-2761631771-1001 (15g,24p) Primary
* Thread Token : no token
  • For more information about the output, see token::list.
  • By default, there is no thread token (impersonation token) and only a process token (prmary token).
The /full parameter can be used to display more information about groups (G) and privileges (P):
mimikatz # token::whoami /full
* Process Token : {0;04cfeb5e} 2 F 80775900 client1\tmassie S-1-5-21-1064812226-1257287110-2416274546-1001 (14g,24p) Primary
G:[MDE ] client1\None
G:[MDE ] Everyone
G:[MDE ] NT AUTHORITY\Local account and member of Administrators group
G:[MDE ] BUILTIN\Users
G:[MDEO ] BUILTIN\Administrators
G:[MDE ] BUILTIN\Remote Desktop Users
G:[MDE ] NT AUTHORITY\INTERACTIVE
G:[MDE ] NT AUTHORITY\Authenticated Users
G:[MDE ] NT AUTHORITY\This Organization
G:[MDE ] NT AUTHORITY\Local account
G:[MDE L ] NT AUTHORITY\LogonSessionId_0_624261
G:[MDE ] LOCAL
G:[MDE ] NT AUTHORITY\NTLM Authentication
G:[ ] Mandatory Label\High Mandatory Level
P:[ ] SeIncreaseQuotaPrivilege
P:[ ] SeSecurityPrivilege
P:[ ] SeTakeOwnershipPrivilege
P:[ ] SeLoadDriverPrivilege
P:[ ] SeSystemProfilePrivilege
P:[ ] SeSystemtimePrivilege
P:[ ] SeProfileSingleProcessPrivilege
P:[ ] SeIncreaseBasePriorityPrivilege
P:[ ] SeCreatePagefilePrivilege
P:[ ] SeBackupPrivilege
P:[ ] SeRestorePrivilege
P:[ ] SeShutdownPrivilege
P:[ ] SeDebugPrivilege
P:[ ] SeSystemEnvironmentPrivilege
P:[DE ] SeChangeNotifyPrivilege
P:[ ] SeRemoteShutdownPrivilege
P:[ ] SeUndockPrivilege
P:[ ] SeManageVolumePrivilege
P:[DE ] SeImpersonatePrivilege
P:[DE ] SeCreateGlobalPrivilege
P:[ ] SeIncreaseWorkingSetPrivilege
P:[ ] SeTimeZonePrivilege
P:[ ] SeCreateSymbolicLinkPrivilege
P:[ ] SeDelegateSessionUserImpersonatePrivilege
* Thread Token : no token
Displayed information:
  • *: Token Type
    • Process Token: Primary Token
    • Thread Token: Impersonation Token
  • G: Group Information
    • List of assigned groups to the token (source: kuhl_m_token.c)
    • M: Mandatory
    • D: Enabled by Default
    • E: Group Enabled
    • O: Group Owner
    • U: Group Use for Deny Only
    • L: Group Logon ID
    • R: Group Resource
  • P: Privilege Information
    • List of privileges for this token (source: kuhl_m_token.c)
    • D: Privilege Enabled by Default
    • E: Privilege Enabled
    • R: Privilege Removed
    • A: Privilege used for Access
Last modified 5mo ago