C# (CSharp) SafeLsaLogonHandle.CallPackage Examples

Example #1

        private static NtResult <SafeLsaReturnBufferHandle> QueryCachedTicket(SafeLsaLogonHandle handle, uint auth_package, string target_name, KERB_RETRIEVE_TICKET_FLAGS flags,
                                                                              Luid logon_id, SecHandle sec_handle, bool throw_on_error)
        {
            int string_length     = (target_name.Length) * 2;
            int max_string_length = string_length + 2;

            using (var request = new SafeStructureInOutBuffer <KERB_RETRIEVE_TKT_REQUEST>(max_string_length, true)) {
                request.Data.WriteUnicodeString(target_name + '\0');
                var request_str = new KERB_RETRIEVE_TKT_REQUEST()
                {
                    CacheOptions      = flags,
                    CredentialsHandle = sec_handle,
                    LogonId           = logon_id,
                    MessageType       = KERB_PROTOCOL_MESSAGE_TYPE.KerbRetrieveEncodedTicketMessage,
                    TargetName        = new UnicodeStringOut()
                    {
                        Length        = (ushort)string_length,
                        MaximumLength = (ushort)max_string_length,
                        Buffer        = request.Data.DangerousGetHandle()
                    }
                };
                request.Result = request_str;
                using (var result = handle.CallPackage(auth_package, request, throw_on_error)) {
                    if (!result.IsSuccess)
                    {
                        return(result.Cast <SafeLsaReturnBufferHandle>());
                    }
                    if (!result.Result.Status.IsSuccess())
                    {
                        return(result.Result.Status.CreateResultFromError <SafeLsaReturnBufferHandle>(throw_on_error));
                    }
                    return(result.Result.Buffer.Detach().CreateResult());
                }
            }
        }

Example #2

File: KerberosTicketCache.cs Project: yilu1021/sandbox-attacksurface-analysis-tools

        private static NtResult <KerberosTicketCacheInfo[]> QueryTicketCacheList(SafeLsaLogonHandle handle, Luid logon_id, bool throw_on_error)
        {
            var package = handle.LookupAuthPackage(AuthenticationPackage.KERBEROS_NAME, throw_on_error);

            if (!package.IsSuccess)
            {
                return(package.Cast <KerberosTicketCacheInfo[]>());
            }
            var request_struct = new KERB_QUERY_TKT_CACHE_REQUEST()
            {
                LogonId     = logon_id,
                MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbQueryTicketCacheMessage
            };

            using (var request = request_struct.ToBuffer())
            {
                using (var result = handle.CallPackage(package.Result, request, throw_on_error))
                {
                    if (!result.IsSuccess)
                    {
                        return(result.Cast <KerberosTicketCacheInfo[]>());
                    }
                    if (!result.Result.Status.IsSuccess())
                    {
                        return(result.Result.Status.CreateResultFromError <KerberosTicketCacheInfo[]>(throw_on_error));
                    }
                    var response = result.Result.Buffer.Read <KERB_QUERY_TKT_CACHE_RESPONSE_HEADER>(0);
                    if (response.CountOfTickets == 0)
                    {
                        return(new KerberosTicketCacheInfo[0].CreateResult());
                    }
                    var buffer = BufferUtils.GetStructAtOffset <KERB_QUERY_TKT_CACHE_RESPONSE>(result.Result.Buffer, 0);
                    KERB_TICKET_CACHE_INFO[] infos = new KERB_TICKET_CACHE_INFO[response.CountOfTickets];
                    buffer.Data.ReadArray(0, infos, 0, response.CountOfTickets);
                    return(infos.Select(i => new KerberosTicketCacheInfo(i)).ToArray().CreateResult());
                }
            }
        }