Ejemplo n.º 1
 // P/Invoke declaration for the Win32 LsaOpenPolicy function (advapi32.dll), which opens a
 // handle to the LSA Policy object. In this overload SystemName is a by-ref LSA_UNICODE_STRING
 // and DesiredAccess is a raw uint access mask.
 // The uint return value is an NTSTATUS code (0 means success). On success PolicyHandle receives
 // the policy handle, which the caller must release with LsaClose when done.
 // Request only the access rights the caller actually uses in DesiredAccess.
 public static extern uint LsaOpenPolicy(ref ntsecapi._LSA_UNICODE_STRING SystemName, ref lsalookup._LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint DesiredAccess, out IntPtr PolicyHandle);
Ejemplo n.º 2
 // P/Invoke declaration for the Win32 LsaOpenPolicy function (advapi32.dll), which opens a
 // handle to the LSA Policy object. In this overload SystemName is a raw pointer (a null
 // pointer selects the local system) and DesiredAccess is typed as the LSA_ACCESS_MASK enum
 // rather than a bare uint.
 // The uint return value is an NTSTATUS code (0 means success). On success PolicyHandle receives
 // the policy handle, which the caller must release with LsaClose when done.
 public static extern uint LsaOpenPolicy(IntPtr SystemName, ref lsalookup._LSA_OBJECT_ATTRIBUTES ObjectAttributes, lsalookup.LSA_ACCESS_MASK DesiredAccess, out IntPtr PolicyHandle);
Ejemplo n.º 3
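        /// <summary>
        /// Fills a <c>_TOKEN_PRIVILEGES_ARRAY</c> with one enabled entry per right that
        /// <c>_LookupRights</c> reports for the user SID and for each group SID.
        /// </summary>
        /// <param name="tokenUser">Token user structure; its <c>User.Sid</c> is looked up first.</param>
        /// <param name="tokenGroups">Token groups; the first
        /// <c>extraGroups + localEntriesRead + globalEntriesRead</c> entries are looked up.</param>
        /// <param name="tokenPrivileges">Receives the privilege array. It is an empty structure when
        /// the policy cannot be opened.</param>
        /// <returns><c>true</c> when the array was populated; <c>false</c> when LsaOpenPolicy fails,
        /// returns a null handle, or more rights were found than the array can hold.</returns>
        private bool CreateTokenPrivileges(Ntifs._TOKEN_USER tokenUser, Ntifs._TOKEN_GROUPS tokenGroups, out Winnt._TOKEN_PRIVILEGES_ARRAY tokenPrivileges)
        {
            Console.WriteLine("[*] _TOKEN_PRIVILEGES");

            tokenPrivileges = new Winnt._TOKEN_PRIVILEGES_ARRAY();

            // Open the LSA policy. A default-initialised system name is passed by reference.
            ntsecapi._LSA_UNICODE_STRING     systemName          = new ntsecapi._LSA_UNICODE_STRING();
            lsalookup._LSA_OBJECT_ATTRIBUTES lsaobjectAttributes = new lsalookup._LSA_OBJECT_ATTRIBUTES()
            {
                Length                   = (uint)Marshal.SizeOf(typeof(lsalookup._LSA_OBJECT_ATTRIBUTES)),
                RootDirectory            = IntPtr.Zero,
                ObjectName               = new ntsecapi._LSA_UNICODE_STRING(),
                Attributes               = 0,
                SecurityDescriptor       = IntPtr.Zero,
                SecurityQualityOfService = IntPtr.Zero
            };

            // The handle is an out parameter that LsaOpenPolicy overwrites. The previous
            // Marshal.AllocHGlobal here was never freed and leaked unmanaged memory on every call.
            IntPtr hPolicyHandle;

            // NOTE(review): POLICY_ALL_ACCESS is broader than the lookups below appear to need;
            // prefer the narrowest mask that _LookupRights works with - confirm against its body.
            uint ntRetVal = advapi32.LsaOpenPolicy(
                ref systemName,
                ref lsaobjectAttributes,
                (uint)lsalookup.LSA_ACCESS_MASK.POLICY_ALL_ACCESS,
                out hPolicyHandle
                );

            if (0 != ntRetVal)
            {
                Misc.GetNtError("LsaOpenPolicy", ntRetVal);
                return(false);
            }

            if (IntPtr.Zero == hPolicyHandle)
            {
                Misc.GetNtError("hPolicyHandle", ntRetVal);
                return(false);
            }

            // NOTE(review): the policy handle is not released on any path in this method. It should
            // be closed with LsaClose once the lookups finish; no wrapper for it is visible here.
            Dictionary <string, Winnt._LUID> rights = new Dictionary <string, Winnt._LUID>();

            _LookupRights(hPolicyHandle, tokenUser.User.Sid, ref rights);

            // NOTE(review): assumes tokenGroups.Groups holds at least this many entries - confirm
            // against the code that sets the three counters.
            int groupCount = extraGroups + localEntriesRead + globalEntriesRead;
            for (int i = 0; i < groupCount; i++)
            {
                _LookupRights(hPolicyHandle, tokenGroups.Groups[i].Sid, ref rights);
            }

            // The array length is kept at 35; presumably it matches the marshalled size of
            // _TOKEN_PRIVILEGES_ARRAY - confirm against the struct definition.
            tokenPrivileges = new Winnt._TOKEN_PRIVILEGES_ARRAY()
            {
                PrivilegeCount = (uint)rights.Count,
                Privileges     = new Winnt._LUID_AND_ATTRIBUTES[35]
            };

            // Fail explicitly instead of throwing IndexOutOfRangeException while filling the array.
            if (rights.Count > tokenPrivileges.Privileges.Length)
            {
                Console.WriteLine("[-] {0} rights found, but _TOKEN_PRIVILEGES_ARRAY holds at most {1}", rights.Count, tokenPrivileges.Privileges.Length);
                return(false);
            }

            int j = 0;

            // Iterate the pairs directly to avoid a second dictionary lookup per key.
            foreach (KeyValuePair <string, Winnt._LUID> right in rights)
            {
                tokenPrivileges.Privileges[j].Luid       = right.Value;
                tokenPrivileges.Privileges[j].Attributes = Winnt.SE_PRIVILEGE_ENABLED;
                j++;
            }

            return(true);
        }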