Example #1
0
        ////////////////////////////////////////////////////////////////////////////////
        // Creates a new process as SYSTEM
        ////////////////////////////////////////////////////////////////////////////////
        public bool GetSystem(string newProcess)
        {
            SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
            NTAccount          systemAccount      = (NTAccount)securityIdentifier.Translate(typeof(NTAccount));

            Console.WriteLine("[*] Searching for {0}", systemAccount.ToString());
            processes = UserSessions.EnumerateUserProcesses(false, systemAccount.ToString());

            foreach (uint process in processes.Keys)
            {
                if (OpenProcessToken((int)process))
                {
                    Console.WriteLine(" [+] Opened {0}", process);
                    SetWorkingTokenToRemote();
                    if (DuplicateToken(Winnt._SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
                    {
                        SetWorkingTokenToNewToken();
                        if (StartProcessAsUser(newProcess))
                        {
                            return(true);
                        }
                    }
                }
            }

            Misc.GetWin32Error("GetSystem");
            return(false);
        }
Example #2
0
 public override string ToString()
 {
     if (ntAccount == null)
     {
         return(sid.ToString());
     }
     else
     {
         return(ntAccount.ToString());
     }
 }
Example #3
0
        ////////////////////////////////////////////////////////////////////////////////
        // Elevates current process to SYSTEM
        ////////////////////////////////////////////////////////////////////////////////
        public bool GetSystem()
        {
            SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
            NTAccount          systemAccount      = (NTAccount)securityIdentifier.Translate(typeof(NTAccount));

            Console.WriteLine("[*] Searching for {0}", systemAccount.ToString());
            processes = UserSessions.EnumerateUserProcesses(false, systemAccount.ToString());

            foreach (uint process in processes.Keys)
            {
                if (OpenProcessToken((int)process))
                {
                    Console.WriteLine(" [+] Opened {0}", process);
                    SetWorkingTokenToRemote();
                    if (ImpersonateUser())
                    {
                        return(true);
                    }
                }
            }
            return(false);
        }
Example #4
0
        private void LoadTSUsers()
        {
            try
            {
                listTSUser.Clear();
                TerminalServicesManager tsManager = new TerminalServicesManager();
                string[] massHosts = new string[] { "TS1", "TS2", "TS3", "TS4", "TS5", "TS6", "TS7" };

                foreach (var host in massHosts)
                {
                    using (ITerminalServer server = tsManager.GetRemoteServer(host))
                    {
                        server.Open();
                        foreach (ITerminalServicesSession session in server.GetSessions())
                        {
                            NTAccount account = session.UserAccount;
                            if (account != null)
                            {
                                TSUser user = new TSUser()
                                {
                                    DomainName        = session.DomainName,
                                    PCName            = session.ClientName,
                                    TSName            = host,
                                    UserName          = session.UserName,
                                    ConnectionState   = session.ConnectionState.ToString(),
                                    WindowStationName = session.WindowStationName,
                                    UserAccount       = account.ToString(),
                                };
                                Dispatcher.Invoke((Action)(() =>
                                {
                                    listTSUser.Add(user);
                                }));
                            }
                        }
                    }
                }

                foreach (var user in listTSUser)
                {
                    user.ClientIPAddress = (from i in listPcIPAndPcName where i.PcName.ToLower() == user.PCName.ToLower() select i.PcIP).FirstOrDefault();
                }
            }
            catch (Exception ex)
            {
                Bindings.StatusBarText = ex.Message;
            }
        }
Example #5
0
        /// <summary>
        /// Grant All Access Permission to user
        /// </summary>
        /// <param name="key"></param>
        protected void GrantAllAccessPermission(String key)
        {
            try
            {
                SecurityIdentifier sid     = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
                NTAccount          account = sid.Translate(typeof(NTAccount)) as NTAccount;

                // Get ACL from Windows
                using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key))
                {
                    RegistrySecurity rs = new RegistrySecurity();

                    // Creating registry access rule for 'Everyone' NT account
                    RegistryAccessRule rar = new RegistryAccessRule(
                        account.ToString(),
                        RegistryRights.FullControl,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None,
                        AccessControlType.Allow);

                    rs.AddAccessRule(rar);
                    rk.SetAccessControl(rs);
                }
            }
            catch (System.Security.SecurityException ex)
            {
                //throw new InstallException(
                //    String.Format("An exception in GrantAllAccessPermission, security exception! {0}", key),
                //    ex);
            }
            catch (UnauthorizedAccessException ex)
            {
                //throw new InstallException(
                //    String.Format("An exception in GrantAllAccessPermission, access denied! {0}", key),
                //    ex);
            }
        }
Example #6
0
        SPUserInfo ProcessUser(SearchResult result, string distinguishedName)
        {
            SPUserInfo info;

            if (processed.TryGetValue(distinguishedName, out info) == false)
            {
                info      = new SPUserInfo();
                info.Name = ResultValue(result, "displayName");
                if (string.IsNullOrEmpty(info.Name))
                {
                    info.Name = ResultValue(result, "name");
                }

                info.Email = ResultValue(result, "mail");

                byte[]             sid        = (byte[])result.Properties["objectSid"][0];
                SecurityIdentifier identifier = new SecurityIdentifier(sid, 0);
                NTAccount          account    = (NTAccount)identifier.Translate(typeof(NTAccount));
                info.LoginName = account.ToString();
                processed.Add(distinguishedName, info);
            }

            return(info);
        }