Beispiel #1
0
        ////////////////////////////////////////////////////////////////////////////////
        // Starts Windows Module Installer and impersonates or starts a process with
        // the cloned token. There are better ways of doing this net .O
        ////////////////////////////////////////////////////////////////////////////////
        private static void _GetTrustedInstaller(CommandLineParsing cLP, IntPtr hToken)
        {
            bool exists, enabled;

            TokenInformation.CheckTokenPrivilege(hToken, "SeDebugPrivilege", out exists, out enabled);

            if (exists)
            {
                using (TokenManipulation t = new TokenManipulation(hToken))
                {
                    t.SetWorkingTokenToSelf();

                    if (!enabled)
                    {
                        t.SetTokenPrivilege(Winnt.SE_DEBUG_NAME, Winnt.TokenPrivileges.SE_PRIVILEGE_ENABLED);
                    }

                    if (string.IsNullOrEmpty(cLP.Command))
                    {
                        t.GetTrustedInstaller();
                    }
                    else
                    {
                        t.GetTrustedInstaller(cLP.CommandAndArgs);
                    }
                }
            }
            else
            {
                Console.WriteLine("[-] SeDebugPrivilege Is Not Assigned to Token");
            }
        }