        }//end of public Boolean ImpersonateAndExecute(Int32 processID, String command)

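        /// <summary>
        /// Starts <paramref name="command"/> as a new console process running under the
        /// token <paramref name="userAccountHandle"/>, using CreateProcessWithTokenW.
        /// </summary>
        /// <param name="userAccountHandle">Access token the new process is created with.</param>
        /// <param name="command">Full command line passed as lpCommandLine (lpApplicationName is null, so the first token must resolve to the executable).</param>
        /// <returns><c>true</c> if the process was created; <c>false</c> otherwise, after printing the Win32 error code.</returns>
        private static Boolean ExecuteCommand(IntPtr userAccountHandle, String command)
        {
            // CreateProcessWithTokenW takes no SECURITY_ATTRIBUTES parameters, so only
            // STARTUP_INFO and PROCESS_INFORMATION are needed here. (Two SECURITY_ATTRIBUTES
            // structs that were never passed anywhere have been dropped.)
            Win32API.STARTUP_INFO startupInfo = new Win32API.STARTUP_INFO();
            startupInfo.cb = Marshal.SizeOf(startupInfo);

            // Target the interactive window station/desktop and show the new window.
            //todo: is there a better method of selecting the desktop
            startupInfo.lpDesktop   = @"WinSta0\Default";
            startupInfo.dwFlags     = Win32API.STARTF_USESHOWWINDOW | Win32API.STARTF_FORCEONFEEDBACK;
            startupInfo.wShowWindow = Win32API.SW_SHOW;

            //todo: load the user profile so i can access MyDocuments and other profile information

            // Filled by the API on success; no need to pre-construct it for an out parameter.
            Win32API.PROCESS_INFORMATION processInfo;
            if (Win32API.CreateProcessWithTokenW(userAccountHandle, Win32API.LOGON_FLAGS.LOGON_NETCREDENTIALS_ONLY, null, command, Win32API.CREATION_FLAGS.CREATE_NEW_CONSOLE, IntPtr.Zero, null, ref startupInfo, out processInfo))
            {
                // NOTE(review): processInfo.hProcess and processInfo.hThread are open handles
                // owned by this process and are never closed here — a handle leak per call.
                // Close them once no longer needed; confirm whether Win32API exposes a
                // CloseHandle wrapper before adding the call.
                // Closing quote after {1} restored in the message.
                Console.WriteLine("[+] Successfully Executed Command '{0}' With Process ID '{1}'", command, processInfo.dwProcessId);
                return true;
            }

            // NOTE(review): GetLastWin32Error() only reports the real error if the DllImport
            // for CreateProcessWithTokenW is declared with SetLastError = true — confirm.
            Console.WriteLine("## ERROR ## - Problem Executing Command!\nWin32 Error: '{0}'", Marshal.GetLastWin32Error());
            return false;
        }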
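        /// <summary>
        /// Starts <paramref name="command"/> as a new console process running under the
        /// token <paramref name="userAccountHandle"/>, using CreateProcessWithTokenW.
        /// </summary>
        /// <param name="userAccountHandle">Access token the new process is created with.</param>
        /// <param name="command">Full command line passed as lpCommandLine (lpApplicationName is null, so the first token must resolve to the executable).</param>
        /// <returns><c>true</c> if the process was created; <c>false</c> otherwise, after printing the Win32 error code.</returns>
        private static Boolean ExecuteCommand(IntPtr userAccountHandle, String command)
        {
            // CreateProcessWithTokenW takes no SECURITY_ATTRIBUTES parameters, so only
            // STARTUP_INFO and PROCESS_INFORMATION are needed here. (Two SECURITY_ATTRIBUTES
            // structs that were never passed anywhere have been dropped.)
            Win32API.STARTUP_INFO startupInfo = new Win32API.STARTUP_INFO();
            startupInfo.cb = Marshal.SizeOf(startupInfo);

            // Target the interactive window station/desktop and show the new window.
            //todo: is there a better method of selecting the desktop
            startupInfo.lpDesktop = @"WinSta0\Default";
            startupInfo.dwFlags = Win32API.STARTF_USESHOWWINDOW | Win32API.STARTF_FORCEONFEEDBACK;
            startupInfo.wShowWindow = Win32API.SW_SHOW;

            //todo: load the user profile so i can access MyDocuments and other profile information

            // Filled by the API on success; no need to pre-construct it for an out parameter.
            Win32API.PROCESS_INFORMATION processInfo;
            if (Win32API.CreateProcessWithTokenW(userAccountHandle, Win32API.LOGON_FLAGS.LOGON_NETCREDENTIALS_ONLY, null, command, Win32API.CREATION_FLAGS.CREATE_NEW_CONSOLE, IntPtr.Zero, null, ref startupInfo, out processInfo))
            {
                // NOTE(review): processInfo.hProcess and processInfo.hThread are open handles
                // owned by this process and are never closed here — a handle leak per call.
                // Close them once no longer needed; confirm whether Win32API exposes a
                // CloseHandle wrapper before adding the call.
                // Closing quote after {1} restored in the message.
                Console.WriteLine("[+] Successfully Executed Command '{0}' With Process ID '{1}'", command, processInfo.dwProcessId);
                return true;
            }

            // NOTE(review): GetLastWin32Error() only reports the real error if the DllImport
            // for CreateProcessWithTokenW is declared with SetLastError = true — confirm.
            Console.WriteLine("## ERROR ## - Problem Executing Command!\nWin32 Error: '{0}'", Marshal.GetLastWin32Error());
            return false;
        }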