Ejemplo n.º 1
        ////////////////////////////////////////////////////////////////////////////////
        // Displays the ACE count of the default DACL associated with a token
        ////////////////////////////////////////////////////////////////////////////////
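        /// <summary>
        /// Queries the default DACL of <c>hWorkingToken</c> with the usual two-pass
        /// <c>GetTokenInformation</c> pattern and prints the number of ACEs it holds.
        /// </summary>
        /// <remarks>
        /// On success the unmanaged buffer stays in the <c>hTokenDefaultDacl</c> field, because the
        /// marshalled structures may hold pointers into it. On every failure path the buffer is
        /// released and the field is reset to <see cref="IntPtr.Zero"/>.
        /// NOTE(review): ownership of <c>hTokenDefaultDacl</c> on success is not visible here; confirm
        /// that the enclosing class frees it.
        /// The default DACL is what Windows applies to objects created under this token without an
        /// explicit security descriptor, so a missing or permissive one is worth noting in a review.
        /// </remarks>
        public void GetTokenDefaultDacl()
        {
            uint returnLength;

            // Pass 1: sizing call with a null buffer. It is expected to fail; only the required
            // length it reports is used.
            advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, IntPtr.Zero, 0, out returnLength);
            if (0 == returnLength || returnLength > int.MaxValue)
            {
                // No usable size was reported, so there is nothing sensible to allocate or parse.
                Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl) - Pass 1");
                return;
            }

            hTokenDefaultDacl = Marshal.AllocHGlobal((int)returnLength);
            bool populated = false;
            try
            {
                // Pass 2: fill the buffer that was sized by pass 1.
                if (!advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, hTokenDefaultDacl, returnLength, out returnLength))
                {
                    Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl) - Pass 2");
                    return;
                }

                tokenDefaultDacl = (Winnt._TOKEN_DEFAULT_DACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL));
                if (IntPtr.Zero == tokenDefaultDacl.DefaultDacl)
                {
                    // A null DefaultDacl means there is no ACL to read. Stop here instead of
                    // marshalling and printing an ACE count taken from data that is not an ACL.
                    Misc.GetWin32Error("PtrToStructure");
                    return;
                }

                // NOTE(review): the layout of _TOKEN_DEFAULT_DACL_ACL is declared elsewhere; confirm it
                // matches a buffer that begins with a pointer to the ACL.
                tokenDefaultDaclAcl = (Winnt._TOKEN_DEFAULT_DACL_ACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL_ACL));
                populated = true;
            }
            catch (Exception ex)
            {
                Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl) - Pass 2");
                Console.WriteLine(ex.Message);
                return;
            }
            finally
            {
                if (!populated)
                {
                    // Nothing valid references the buffer on a failure path; release it so repeated
                    // failures do not leak unmanaged memory.
                    Marshal.FreeHGlobal(hTokenDefaultDacl);
                    hTokenDefaultDacl = IntPtr.Zero;
                }
            }

            // The original also read tokenPrimaryGroup.PrimaryGroup through Marshal.PtrToStringUni into
            // an unused local. That member is a SID pointer in the Win32 TOKEN_PRIMARY_GROUP layout, not
            // a string, and reading it as text can run past the buffer, so the read was dropped.
            Console.WriteLine("[+] ACL Count: {0}", tokenDefaultDaclAcl.DefaultDacl.AceCount);
        }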
Ejemplo n.º 2
        /// <summary>
        /// Builds a <c>_TOKEN_DEFAULT_DACL</c> whose <c>DefaultDacl</c> pointer is null.
        /// </summary>
        /// <param name="tokenDefaultDacl">Receives the newly built structure.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <remarks>
        /// NOTE(review): a null DefaultDacl gives the token no default DACL. Objects created under it
        /// without an explicit security descriptor may then end up with no DACL at all, which grants
        /// access to everyone. Confirm that is intended wherever this structure is consumed.
        /// </remarks>
        private bool CreateTokenDefaultDACL(out Winnt._TOKEN_DEFAULT_DACL tokenDefaultDacl)
        {
            Console.WriteLine("[*] _TOKEN_DEFAULT_DACL");

            Winnt._TOKEN_DEFAULT_DACL emptyDacl = new Winnt._TOKEN_DEFAULT_DACL();
            emptyDacl.DefaultDacl = IntPtr.Zero;
            tokenDefaultDacl = emptyDacl;

            return true;
        }
Ejemplo n.º 3
 /// <summary>
 /// P/Invoke declaration for the native <c>NtCreateToken</c> system service, which builds a new
 /// access token from the caller-supplied user, groups, privileges, owner, primary group,
 /// default DACL and source.
 /// </summary>
 /// <remarks>
 /// The <c>[DllImport]</c> attribute is not part of this excerpt (presumably ntdll.dll; confirm in
 /// the full file). The native call requires the caller to hold SeCreateTokenPrivilege, which is
 /// normally limited to highly trusted system components, so assignment or use of that privilege
 /// by other accounts is worth auditing. Every structure is passed by <c>ref</c>, so each managed
 /// layout must match the native one exactly.
 /// </remarks>
 /// <param name="TokenHandle">Receives the handle of the created token.</param>
 /// <param name="DesiredAccess">Access mask requested for the returned handle.</param>
 /// <param name="ObjectAttributes">Object attributes for the new token object.</param>
 /// <param name="TokenType">Token type value from <c>Winnt._TOKEN_TYPE</c>.</param>
 /// <param name="AuthenticationId">LUID identifying the logon session for the token.</param>
 /// <param name="ExpirationTime">Expiration time, passed as a 64-bit integer.</param>
 /// <param name="TokenUser">User of the new token.</param>
 /// <param name="TokenGroups">Groups of the new token.</param>
 /// <param name="TokenPrivileges">Privileges of the new token.</param>
 /// <param name="TokenOwner">Default owner for objects created under the token.</param>
 /// <param name="TokenPrimaryGroup">Primary group of the new token.</param>
 /// <param name="TokenDefaultDacl">Default DACL of the new token.</param>
 /// <param name="TokenSource">Source identifier recorded in the token.</param>
 /// <returns>The status code of the native call as a <c>uint</c> (NTSTATUS; zero is success).</returns>
 public static extern uint NtCreateToken(
     out IntPtr TokenHandle,
     uint DesiredAccess,
     ref wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes,
     Winnt._TOKEN_TYPE TokenType,
     ref Winnt._LUID AuthenticationId, //From NtAllocateLocallyUniqueId
     ref long ExpirationTime,
     ref Ntifs._TOKEN_USER TokenUser,
     ref Ntifs._TOKEN_GROUPS_DYNAMIC TokenGroups,
     ref Winnt._TOKEN_PRIVILEGES_ARRAY TokenPrivileges,
     ref Ntifs._TOKEN_OWNER TokenOwner,
     ref Winnt._TOKEN_PRIMARY_GROUP TokenPrimaryGroup,
     ref Winnt._TOKEN_DEFAULT_DACL TokenDefaultDacl,
     ref Winnt._TOKEN_SOURCE TokenSource
     );