Beispiel #1
        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
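        /// <summary>
        /// Applies a mandatory integrity label to <c>phNewToken</c> and then asks the kernel for a
        /// filtered copy of that token, whose handle is written to <c>luaToken</c>.
        /// </summary>
        /// <remarks>
        /// <c>phNewToken</c> and <c>luaToken</c> are members declared outside this listing.
        /// The SID built here is S-1-16-8192: identifier authority 16 is the mandatory-label
        /// authority and sub-authority 0x2000 is the medium integrity RID. Windows lets a caller
        /// lower a token's integrity level with TOKEN_ADJUST_DEFAULT access; raising it requires
        /// SeTcbPrivilege, so this call can only succeed as a downgrade or no-op for an
        /// unprivileged caller. NOTE(review): the current level of <c>phNewToken</c> is not
        /// visible here - confirm against the caller.
        /// </remarks>
        /// <returns><c>true</c> when both native calls succeed; otherwise <c>false</c>.</returns>
        private bool _SetTokenInformation()
        {
            const int MandatoryMediumRid = 0x2000;    // SECURITY_MANDATORY_MEDIUM_RID
            const int TokenIntegrityLevelClass = 25;  // TOKEN_INFORMATION_CLASS.TokenIntegrityLevel
            const int LuaTokenFlag = 4;               // LUA_TOKEN flag for NtFilterToken

            Winnt._SID_IDENTIFIER_AUTHORITY pIdentifierAuthority = new Winnt._SID_IDENTIFIER_AUTHORITY
            {
                Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 } //16 - all
            };
            byte nSubAuthorityCount = 1;
            IntPtr pSID = IntPtr.Zero;

            if (!advapi32.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, MandatoryMediumRid, 0, 0, 0, 0, 0, 0, 0, out pSID))
            {
                Misc.GetWin32Error("AllocateAndInitializeSid: ");
                return false;
            }

            Console.WriteLine(" [+] Initialized SID: 0x{0}", pSID.ToString("X4"));

            try
            {
                Winnt._TOKEN_MANDATORY_LABEL tokenMandatoryLabel = new Winnt._TOKEN_MANDATORY_LABEL
                {
                    Label = new Winnt._SID_AND_ATTRIBUTES
                    {
                        Sid        = pSID,
                        Attributes = (uint)Winnt.SE_GROUP_INTEGRITY_32
                    }
                };
                int tokenMandatoryLableSize = Marshal.SizeOf(tokenMandatoryLabel);

                // The Nt* routines return an NTSTATUS and do not set the thread's last Win32
                // error, so the status itself is reported alongside the existing helper
                // (which presumably prints the last Win32 error - confirm in Misc).
                var setStatus = ntdll.NtSetInformationToken(phNewToken, TokenIntegrityLevelClass, ref tokenMandatoryLabel, tokenMandatoryLableSize);
                if (0 != setStatus)
                {
                    Misc.GetWin32Error("NtSetInformationToken: ");
                    Console.WriteLine(" [-] NtSetInformationToken NTSTATUS: 0x{0:X8}", setStatus);
                    return false;
                }
                Console.WriteLine(" [+] Set Token Information On: 0x{0}", phNewToken.ToString("X4"));

                var filterStatus = ntdll.NtFilterToken(phNewToken, LuaTokenFlag, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken);
                if (0 != filterStatus)
                {
                    Misc.GetWin32Error("NtFilterToken: ");
                    Console.WriteLine(" [-] NtFilterToken NTSTATUS: 0x{0:X8}", filterStatus);
                    return false;
                }
                Console.WriteLine(" [+] LUA Token Handle: 0x{0}", luaToken.ToString("X4"));
                return true;
            }
            catch (Exception ex)
            {
                Console.WriteLine("[-] {0}", ex.Message);
                return false;
            }
            finally
            {
                // The SID was allocated by AllocateAndInitializeSid and must be released on
                // every exit path, including the early returns above.
                advapi32.FreeSid(pSID);
            }
        }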
Beispiel #2
        ////////////////////////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////////////////////////
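        /// <summary>
        /// Applies a mandatory integrity label to <c>phNewToken</c> and then asks the kernel for a
        /// filtered copy of that token, whose handle is written to <c>luaToken</c>.
        /// </summary>
        /// <remarks>
        /// <c>phNewToken</c> and <c>luaToken</c> are members declared outside this listing.
        /// The SID built here is S-1-16-8192: identifier authority 16 is the mandatory-label
        /// authority and sub-authority 0x2000 is the medium integrity RID. Lowering a token's
        /// integrity level needs only TOKEN_ADJUST_DEFAULT access; raising it requires
        /// SeTcbPrivilege.
        /// </remarks>
        /// <returns><c>true</c> when both native calls succeed; otherwise <c>false</c>.</returns>
        public Boolean SetTokenInformation()
        {
            const int MandatoryMediumRid = 0x2000;    // SECURITY_MANDATORY_MEDIUM_RID
            const int TokenIntegrityLevelClass = 25;  // TOKEN_INFORMATION_CLASS.TokenIntegrityLevel
            const int LuaTokenFlag = 4;               // LUA_TOKEN flag for NtFilterToken

            Winnt._SID_IDENTIFIER_AUTHORITY pIdentifierAuthority = new Winnt._SID_IDENTIFIER_AUTHORITY();
            pIdentifierAuthority.Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 }; //16 - all
            Byte   nSubAuthorityCount = 1;
            IntPtr pSID = IntPtr.Zero;

            if (!advapi32.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, MandatoryMediumRid, 0, 0, 0, 0, 0, 0, 0, out pSID))
            {
                GetWin32Error("AllocateAndInitializeSid: ");
                return false;
            }

            try
            {
                // ToInt64 instead of ToInt32: on a 64-bit process a pointer or handle value can
                // exceed Int32 range, and IntPtr.ToInt32 then throws OverflowException.
                Console.WriteLine(" [+] Initialized SID: {0}", pSID.ToInt64());

                Winnt._SID_AND_ATTRIBUTES sidAndAttributes = new Winnt._SID_AND_ATTRIBUTES();
                sidAndAttributes.Sid        = pSID;
                sidAndAttributes.Attributes = Constants.SE_GROUP_INTEGRITY_32;

                Winnt._TOKEN_MANDATORY_LABEL tokenMandatoryLabel = new Winnt._TOKEN_MANDATORY_LABEL();
                tokenMandatoryLabel.Label = sidAndAttributes;
                Int32 tokenMandatoryLableSize = Marshal.SizeOf(tokenMandatoryLabel);

                // The Nt* routines return an NTSTATUS and do not set the thread's last Win32
                // error, so the status itself is reported alongside the existing helper
                // (which presumably prints the last Win32 error - confirm in GetWin32Error).
                var setStatus = ntdll.NtSetInformationToken(phNewToken, TokenIntegrityLevelClass, ref tokenMandatoryLabel, tokenMandatoryLableSize);
                if (0 != setStatus)
                {
                    GetWin32Error("NtSetInformationToken: ");
                    Console.WriteLine(" [-] NtSetInformationToken NTSTATUS: 0x{0:X8}", setStatus);
                    return false;
                }
                Console.WriteLine(" [+] Set Token Information : {0}", phNewToken.ToInt64());

                var filterStatus = ntdll.NtFilterToken(phNewToken, LuaTokenFlag, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken);
                if (0 != filterStatus)
                {
                    GetWin32Error("NtFilterToken: ");
                    Console.WriteLine(" [-] NtFilterToken NTSTATUS: 0x{0:X8}", filterStatus);
                    return false;
                }
                Console.WriteLine(" [+] Set LUA Token Information : {0}", luaToken.ToInt64());
                return true;
            }
            finally
            {
                // Previously FreeSid ran only on the success path, leaking the SID whenever
                // either Nt* call failed or an exception was thrown.
                advapi32.FreeSid(pSID);
            }
        }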