Ejemplo n.º 1
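        /// <summary>
        /// Clears and repopulates the process and thread list views from the processes
        /// that can currently be enumerated and queried.
        /// </summary>
        /// <param name="filter">
        /// Optional substring matched case-insensitively against each process's full path.
        /// Null, empty or whitespace disables the filter.
        /// </param>
        /// <param name="hideUnrestricted">
        /// When true, only processes whose token passes <c>IsRestrictedToken</c> are listed.
        /// </param>
        /// <param name="showDeadProcesses">
        /// When true, processes reporting <c>IsDeleting</c> are kept instead of being dropped.
        /// </param>
        /// <remarks>
        /// A process is silently omitted when it lacks QueryLimitedInformation access, when
        /// <c>GetToken</c> yields null, or when the token handle lacks Query access. The
        /// resulting view is therefore "what this caller can inspect", not a complete
        /// inventory of the system.
        /// </remarks>
        private void RefreshProcessList(string filter, bool hideUnrestricted, bool showDeadProcesses)
        {
            bool filter_name = !string.IsNullOrWhiteSpace(filter);

            ClearList(listViewProcesses);
            ClearList(listViewThreads);

            // DisposableList owns the process handles, so they are closed when the block exits.
            using (var list = new DisposableList<NtProcess>(NtProcess.GetProcesses(ProcessAccessRights.MaximumAllowed)))
            {
                List<NtProcess> processes = list
                    .Where(p => !p.IsDeleting || showDeadProcesses)
                    .Where(p => p.IsAccessGranted(ProcessAccessRights.QueryLimitedInformation))
                    .ToList();

                // CompareTo instead of subtraction: same ordering, no dependence on the
                // difference of two ids fitting in an int.
                processes.Sort((a, b) => a.ProcessId.CompareTo(b.ProcessId));

                // One token slot per process, in the same order; the index loop below relies on that.
                using (var tokens = new DisposableList<NtToken>(processes.Select(p => GetToken(p))))
                {
                    List<ListViewItem> procs = new List<ListViewItem>();
                    List<ListViewItem> threads = new List<ListViewItem>();

                    Debug.Assert(processes.Count == tokens.Count);
                    for (int i = 0; i < processes.Count; ++i)
                    {
                        NtProcess p = processes[i];
                        NtToken t = tokens[i];

                        // No token, or a handle without Query access: nothing can be displayed for it.
                        if (t == null || !t.IsAccessGranted(TokenAccessRights.Query))
                        {
                            continue;
                        }

                        // Ordinal, case-insensitive match. The previous ToLower()/Contains pair
                        // depended on the current UI culture, so the same filter text could match
                        // differently from one machine to the next.
                        if (filter_name && p.FullPath.IndexOf(filter, System.StringComparison.OrdinalIgnoreCase) < 0)
                        {
                            continue;
                        }

                        if (hideUnrestricted && !IsRestrictedToken(t))
                        {
                            continue;
                        }

                        procs.Add(CreateProcessNode(p, t));
                        threads.AddRange(CreateThreads(p, t));
                    }

                    // Add in bulk once the rows are built rather than item by item.
                    listViewProcesses.Items.AddRange(procs.ToArray());
                    listViewThreads.Items.AddRange(threads.ToArray());
                    ResizeColumns(listViewProcesses);
                    ResizeColumns(listViewThreads);
                }
            }
        }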
Ejemplo n.º 2
        /// <summary>
        /// Produces a token handle intended for use in an access check, duplicating
        /// <paramref name="token"/> only where the existing handle is not suitable.
        /// </summary>
        /// <param name="token">The token to prepare.</param>
        /// <returns>
        /// The same instance for a pseudo token; an Identification-level impersonation
        /// duplicate with Query access for a primary token; a Query-access duplicate when
        /// the handle lacks Query; otherwise a shallow clone of the handle.
        /// </returns>
        private static NtToken DuplicateForAccessCheck(NtToken token)
        {
            // Pseudo tokens are handed back untouched; there is nothing to duplicate.
            // NOTE(review): this path returns the caller's own instance while every other
            // path returns a new object; confirm callers that dispose the result handle both.
            if (token.IsPseudoToken)
            {
                return token;
            }

            bool isPrimary = token.TokenType == TokenType.Primary;
            if (isPrimary)
            {
                // Primary tokens are converted to an impersonation token at Identification
                // level, requesting only Query access on the new handle.
                return token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Identification, TokenAccessRights.Query);
            }

            bool hasQuery = token.IsAccessGranted(TokenAccessRights.Query);
            if (hasQuery)
            {
                // Query access is already present, so a shallow clone is sufficient.
                return token.ShallowClone();
            }

            // Handle lacks Query access: request a duplicate that has it.
            return token.Duplicate(TokenAccessRights.Query);
        }
        /// <summary>
        /// Fills the form's controls from the current state of <c>_token</c>: user, token type,
        /// IDs, integrity level, source, elevation, groups, default DACL, restricted SIDs,
        /// app container data, virtualization, trust level, privileges, security attributes
        /// and the security descriptor.
        /// </summary>
        /// <remarks>
        /// Only the token source (QuerySource) and the security descriptor (ReadControl) are
        /// guarded by an explicit access check here. All other properties are read directly.
        /// NOTE(review): presumably the handle is expected to hold Query access before this
        /// runs - confirm against the caller.
        /// </remarks>
        private void UpdateTokenData()
        {
            UserGroup user = _token.User;

            txtUsername.Text = user.ToString();
            txtUserSid.Text  = user.Sid.ToString();

            // NOTE(review): tokentype is assigned but never used below; the property is re-read instead.
            TokenType tokentype = _token.TokenType;

            txtTokenType.Text = _token.TokenType.ToString();

            // The impersonation level is only read and shown for impersonation tokens.
            if (_token.TokenType == TokenType.Impersonation)
            {
                SecurityImpersonationLevel implevel = _token.ImpersonationLevel;
                txtImpLevel.Text = implevel.ToString();
            }
            else
            {
                txtImpLevel.Text = "N/A";
            }

            txtTokenId.Text    = _token.Id.ToString();
            txtModifiedId.Text = _token.ModifiedId.ToString();
            txtAuthId.Text     = _token.AuthenticationId.ToString();
            // A value that is a named TokenIntegrityLevel member is selected in the combo boxes;
            // any other value is written as text so it is still displayed.
            if (Enum.IsDefined(typeof(TokenIntegrityLevel), _token.IntegrityLevel))
            {
                comboBoxIL.SelectedItem       = _token.IntegrityLevel;
                comboBoxILForDup.SelectedItem = _token.IntegrityLevel;
            }
            else
            {
                comboBoxIL.Text       = _token.IntegrityLevel.ToString();
                comboBoxILForDup.Text = _token.IntegrityLevel.ToString();
            }

            txtSessionId.Text = _token.SessionId.ToString();
            // The token source is only read when the handle has QuerySource access.
            if (_token.IsAccessGranted(TokenAccessRights.QuerySource))
            {
                txtSourceName.Text = _token.Source.SourceName;
                txtSourceId.Text   = _token.Source.SourceIdentifier.ToString();
            }
            else
            {
                txtSourceName.Text = "N/A";
                txtSourceId.Text   = "N/A";
            }
            TokenElevationType evtype = _token.ElevationType;

            txtElevationType.Text = evtype.ToString();
            txtIsElevated.Text    = _token.Elevated.ToString();
            txtOriginLoginId.Text = _token.Origin.ToString();

            // The linked-token button is disabled when the elevation type is Default.
            btnLinkedToken.Enabled = evtype != TokenElevationType.Default;

            UpdateGroupList();

            txtPrimaryGroup.Text = _token.PrimaryGroup.Name;
            txtOwner.Text        = _token.Owner.Name;

            Acl defdacl = _token.DefaultDacl;

            // One row per ACE of the default DACL; a null ACL gets a single placeholder row.
            if (!defdacl.NullAcl)
            {
                foreach (Ace ace in defdacl)
                {
                    UserGroup group = new UserGroup(ace.Sid, GroupAttributes.None);

                    ListViewItem item = new ListViewItem(group.ToString());

                    AccessMask mask = GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite;
                    string     maskstr;

                    // Any bit outside the four generic rights: show the raw mask in hex.
                    // Otherwise show the generic-rights names.
                    if ((ace.Mask & ~mask).HasAccess)
                    {
                        maskstr = $"0x{ace.Mask:X08}";
                    }
                    else
                    {
                        maskstr = ace.Mask.ToGenericAccess().ToString();
                    }

                    item.SubItems.Add(maskstr);
                    item.SubItems.Add(ace.Flags.ToString());
                    item.SubItems.Add(ace.Type.ToString());
                    listViewDefDacl.Items.Add(item);
                }
            }
            else
            {
                listViewDefDacl.Items.Add("No Default DACL");
            }

            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);

            // The restricted-SIDs tab is removed when the token is not restricted.
            if (_token.Restricted)
            {
                PopulateGroupList(listViewRestrictedSids, _token.RestrictedSids);
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageRestricted);
            }

            // The app container tab is removed when the token is not an app container token.
            if (_token.AppContainer)
            {
                PopulateGroupList(listViewCapabilities, _token.Capabilities);
                txtACNumber.Text    = _token.AppContainerNumber.ToString();
                txtPackageName.Text = _token.AppContainerSid.Name;
                txtPackageSid.Text  = _token.AppContainerSid.ToString();
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageAppContainer);
            }

            txtUIAccess.Text     = _token.UIAccess.ToString();
            txtSandboxInert.Text = _token.SandboxInert.ToString();
            bool virtAllowed = _token.VirtualizationAllowed;

            // The toggle button and the "enabled" value only apply when virtualization is allowed.
            txtVirtualizationAllowed.Text          = virtAllowed.ToString();
            btnToggleVirtualizationEnabled.Enabled = virtAllowed;
            if (virtAllowed)
            {
                txtVirtualizationEnabled.Text = _token.VirtualizationEnabled.ToString();
            }
            else
            {
                txtVirtualizationEnabled.Text = "N/A";
            }

            txtMandatoryILPolicy.Text = _token.MandatoryPolicy.ToString();
            txtHandleAccess.Text      = _token.GrantedAccess.ToString();
            Sid trust_level = _token.TrustLevel;

            // TrustLevel may be null; "N/A" is shown in that case.
            txtTrustLevel.Text = trust_level != null ? trust_level.Name : "N/A";
            UpdatePrivileges();
            UpdateSecurityAttributes();

            // The security descriptor is only read when the handle has ReadControl access;
            // without it the security tab is removed.
            if (_token.IsAccessGranted(TokenAccessRights.ReadControl))
            {
                securityDescriptorViewerControl.SetSecurityDescriptor(_token.SecurityDescriptor, _token.NtType, _token.NtType.ValidAccess);
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageSecurity);
            }
        }
Ejemplo n.º 4
        /// <summary>
        /// Click handler that rebuilds the handle list view with one row per token handle
        /// found in other processes.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// Processes that cannot be opened and handles that cannot be duplicated are skipped
        /// without any indication, so the list shows only what this caller could reach.
        /// Each row's <c>Tag</c> holds its own duplicate of the token.
        /// NOTE(review): those duplicates must be released by whatever clears the list -
        /// presumably <c>ClearList</c>; confirm.
        /// </remarks>
        private void btnRefreshHandles_Click(object sender, EventArgs e)
        {
            ClearList(listViewHandles);
            int ownPid = Process.GetCurrentProcess().Id;

            // The return value is not inspected; the refresh proceeds whether or not the
            // privilege was actually enabled.
            NtToken.EnableDebugPrivilege();
            var rows = new List<ListViewItem>();

            // Token handles from every process except this one, grouped by owning process
            // so that each process is opened only once.
            var tokenHandlesByProcess = NtSystemInfo.GetHandles()
                .Where(h => h.ProcessId != ownPid && h.ObjectType.Equals("token", StringComparison.OrdinalIgnoreCase))
                .GroupBy(h => h.ProcessId);

            foreach (var processGroup in tokenHandlesByProcess)
            {
                using (var proc = NtProcess.Open(processGroup.Key, ProcessAccessRights.DupHandle | ProcessAccessRights.QueryLimitedInformation, false))
                {
                    if (proc.IsSuccess)
                    {
                        foreach (NtHandle handle in processGroup)
                        {
                            // SameAccess: the local copy carries the same access the source handle has.
                            using (var dupResult = NtToken.DuplicateFrom(proc.Result, new IntPtr(handle.Handle),
                                                                         TokenAccessRights.None, DuplicateObjectOptions.SameAccess, false))
                            {
                                if (!dupResult.IsSuccess)
                                {
                                    continue;
                                }

                                NtToken token = dupResult.Result;
                                var row = new ListViewItem(handle.ProcessId.ToString());
                                row.SubItems.Add(proc.Result.Name);
                                row.SubItems.Add($"0x{handle.Handle:X}");

                                if (token.IsAccessGranted(TokenAccessRights.Query))
                                {
                                    row.SubItems.Add(token.User.ToString());
                                    row.SubItems.Add(token.IntegrityLevel.ToString());

                                    // "Write" replaces the True/False text for write-restricted tokens.
                                    string restrictedText = token.Restricted.ToString();
                                    if (token.WriteRestricted)
                                    {
                                        restrictedText = "Write";
                                    }

                                    row.SubItems.Add(restrictedText);
                                    row.SubItems.Add(token.AppContainer.ToString());
                                    row.SubItems.Add(token.TokenType.ToString());
                                    row.SubItems.Add(token.ImpersonationLevel.ToString());
                                }
                                else
                                {
                                    // Without Query access none of the six detail columns can be read.
                                    for (int column = 0; column < 6; ++column)
                                    {
                                        row.SubItems.Add("UNKNOWN");
                                    }
                                }

                                // dupResult is disposed at the end of this block, so the row keeps
                                // a separate duplicate of the token.
                                row.Tag = token.Duplicate();
                                rows.Add(row);
                            }
                        }
                    }
                }
            }

            listViewHandles.Items.AddRange(rows.ToArray());
            ResizeColumns(listViewHandles);
        }