Rating:
This is a experimental task I made since I think Windows is not well-explored in CTF. So you can take this as a movement to encourage CTF players to learn more about Windows. :)
For the challenge description, please see distribution package in challenge folder.
The origin of this challenge is a presentation from James Forshaw (see reference).
To explain the logic of server.exe roughly : It checks the identity upon client connection, the check is done by enumerating threads in the client process and use AccessCheck to check the access from the thread token (if not present, use the primary token) against the security descriptor of C:\token.txt.
The intended solution involves using S4U mechanism to obtain an IdentificationLevel impersonation token. Note the first hint suggest you about impersonation. (See the API documentation)
For more details, see solution.cpp for more details.
