 /// <summary>
 /// Entry point for the command: launches the shell against an explicit target when one was
 /// given, otherwise against the single LSASS instance when <c>--system</c> was requested.
 /// Does nothing when neither is set.
 /// </summary>
 public void Execute()
 {
     var targetProcess = this.options.ProcessID;
     var targetSession = this.options.SessionId;

     // -1 is the "not supplied" sentinel for both the process id and the session id.
     if (targetProcess != -1 || targetSession != -1)
     {
         this.InnerCreateProcess(targetProcess, targetSession);
         return;
     }

     if (!this.options.System)
     {
         return;
     }

     // Anything other than exactly one LSASS match is reported rather than guessed at.
     var candidates = TMProcess.GetProcessByName("lsass");
     switch (candidates.Count)
     {
         case 0:
         {
             console.Error("Failed to find LSASS process. That is weird.");
             break;
         }
         case 1:
         {
             var lsass = candidates.First();
             this.InnerCreateProcess(lsass.ProcessId, -1);
             break;
         }
         default:
         {
             console.Error("Found multiple LSASS processes. That is weird.");
             break;
         }
     }
 }
        /// <summary>
        /// Prints one line per running process in the form "pid, name, token user".
        /// Processes whose token cannot be opened or queried (for example, access denied)
        /// are skipped so that the rest of the listing still completes.
        /// </summary>
        public static void ListProcesses()
        {
            foreach (var process in TMProcess.GetAllProcesses())
            {
                try
                {
                    var processHandle = TMProcessHandle.FromProcess(process, ProcessAccessFlags.QueryInformation);
                    var tokenHandle   = AccessTokenHandle.FromProcessHandle(processHandle, TokenAccess.TOKEN_QUERY);
                    var owner         = AccessTokenUser.FromTokenHandle(tokenHandle);

                    Console.WriteLine($"{process.ProcessId}, {process.ProcessName}, {owner.Username}");
                }
                catch (Exception)
                {
                    // Best effort: an unreadable process is left out and the loop continues.
                }
            }
        }
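        /// <summary>
        /// Starts <see cref="Application"/> with <see cref="CommandLine"/> under the primary token held in
        /// <see cref="TokenHandle"/> via CreateProcessAsUser. SeAssignPrimaryTokenPrivilege and
        /// SeIncreaseQuotaPrivilege are enabled on the current process first, since the call needs them.
        /// </summary>
        /// <returns>The newly created process, looked up by the process id reported by the API.</returns>
        /// <exception cref="InvalidOperationException">
        /// CreateProcessAsUser failed; the message carries the Win32 error code that was also logged.
        /// </exception>
        private TMProcess InnerCreateProcessAsUser()
        {
            this.InnerElevateProcess(PrivilegeConstants.SeAssignPrimaryTokenPrivilege, PrivilegeConstants.SeIncreaseQuotaPrivilege);

            var si                  = new STARTUPINFO();
            var saProcessAttributes = new SECURITY_ATTRIBUTES();
            var saThreadAttributes  = new SECURITY_ATTRIBUTES();
            PROCESS_INFORMATION pi;

            // Handles are not inherited, no extra creation flags, no environment block and no working directory.
            if (!Advapi32.CreateProcessAsUser(this.TokenHandle.GetHandle(), this.Application, this.CommandLine, ref saProcessAttributes,
                                              ref saThreadAttributes, false, 0, IntPtr.Zero, null, ref si, out pi))
            {
                // Capture the error code before any other call (including Logger.GetInstance()) can overwrite it.
                // NOTE(review): if Kernel32.GetLastError is a direct P/Invoke, the runtime may already have clobbered
                // the value; Marshal.GetLastWin32Error() with SetLastError=true is the reliable form — confirm.
                var error   = Kernel32.GetLastError();
                var message = $"Failed to create shell. CreateProcessAsUser failed with error code: {error}";
                Logger.GetInstance().Error(message);
                // A typed exception with the message instead of a bare Exception; callers catching Exception still work.
                throw new InvalidOperationException(message);
            }

            // NOTE(review): the process/thread handles in pi (if mapped on PROCESS_INFORMATION) are never closed
            // here — confirm whether the caller or TMProcess takes ownership, otherwise they leak.
            return TMProcess.GetProcessById(pi.dwProcessId);
        }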
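        /// <summary>
        /// Starts <see cref="Application"/> with <see cref="CommandLine"/> under the token held in
        /// <see cref="TokenHandle"/> via CreateProcessWithTokenW, in a new console with <c>C:\</c> as the
        /// working directory. SeImpersonatePrivilege is enabled on the current process first. When
        /// <see cref="Interactive"/> is set the STARTUPINFO comes from <see cref="InnerSetupInteractive"/>.
        /// </summary>
        /// <returns>The newly created process, looked up by the process id reported by the API.</returns>
        /// <exception cref="InvalidOperationException">
        /// CreateProcessWithTokenW failed; the message carries the Win32 error code that was also logged.
        /// </exception>
        private TMProcess InnerCreateProcessWithToken()
        {
            this.InnerElevateProcess(PrivilegeConstants.SeImpersonatePrivilege);

            var si = new STARTUPINFO();
            if (this.Interactive)
            {
                si = this.InnerSetupInteractive();
            }

            PROCESS_INFORMATION pi;

            if (!Advapi32.CreateProcessWithTokenW(this.TokenHandle.GetHandle(), LogonFlags.NetCredentialsOnly,
                                                  this.Application, this.CommandLine, CreationFlags.NewConsole, IntPtr.Zero, @"C:\", ref si, out pi))
            {
                // Capture the error code before any other call (including Logger.GetInstance()) can overwrite it.
                // NOTE(review): if Kernel32.GetLastError is a direct P/Invoke, the runtime may already have clobbered
                // the value; Marshal.GetLastWin32Error() with SetLastError=true is the reliable form — confirm.
                var error   = Kernel32.GetLastError();
                var message = $"Failed to create shell. CreateProcessWithTokenW failed with error code: {error}";
                Logger.GetInstance().Error(message);
                // A typed exception with the message instead of a bare Exception; callers catching Exception still work.
                throw new InvalidOperationException(message);
            }

            // NOTE(review): the process/thread handles in pi (if mapped on PROCESS_INFORMATION) are never closed
            // here — confirm whether the caller or TMProcess takes ownership, otherwise they leak.
            return TMProcess.GetProcessById(pi.dwProcessId);
        }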
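        /// <summary>
        /// Runs every query selected in <c>options</c>, in this order: list all processes, filter by
        /// privilege name and state, filter by process name, filter by token user. Each selected query
        /// prints its own result set via <see cref="InnerPrintProcesses"/>; more than one may run per call.
        /// Name and user matching is a case-insensitive (ordinal) substring test.
        /// </summary>
        public void Execute()
        {
            if (this.options.ListTokens)
            {
                var processes = TMProcess.GetAllProcesses();
                this.InnerPrintProcesses(processes);
            }

            if (this.options.Privilege != null)
            {
                var found = this.InnerFindByPrivilege(this.options.Privilege, this.options.Disabled);
                this.InnerPrintProcesses(found);
            }

            if (!string.IsNullOrEmpty(this.options.Term))
            {
                var processes = TMProcess.GetProcessByName(this.options.Term);
                this.InnerPrintProcesses(processes);
            }

            if (!string.IsNullOrEmpty(this.options.User))
            {
                var found = this.InnerFindByUser(this.options.User);
                this.InnerPrintProcesses(found);
            }
        }

        /// <summary>
        /// Returns the processes whose token holds a privilege whose name contains <paramref name="term"/>
        /// (ordinal, case-insensitive) in the requested state. Each process appears at most once even when
        /// several of its privileges match. A process whose token cannot be queried is reported on the
        /// console and skipped.
        /// </summary>
        /// <param name="term">Substring to look for in the privilege name.</param>
        /// <param name="wantDisabled">True to match disabled privileges, false to match enabled ones.</param>
        private List<TMProcess> InnerFindByPrivilege(string term, bool wantDisabled)
        {
            var found = new List<TMProcess>();
            foreach (var proc in TMProcess.GetAllProcesses())
            {
                try
                {
                    var hProc      = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
                    var hToken     = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
                    var privileges = AccessTokenPrivileges.FromTokenHandle(hToken);
                    foreach (var priv in privileges.GetPrivileges())
                    {
                        // Ordinal comparison: privilege names are identifiers, not user-facing text.
                        if (priv.Name.IndexOf(term, StringComparison.OrdinalIgnoreCase) < 0)
                        {
                            continue;
                        }

                        var inRequestedState = wantDisabled ? priv.IsDisabled() : priv.IsEnabled();
                        if (inRequestedState)
                        {
                            found.Add(proc);
                            break; // one entry per process, not one per matching privilege
                        }
                    }
                }
                catch (Exception e)
                {
                    console.Error("Failed to retrieve privilege information: " + e.Message);
                }
            }
            return found;
        }

        /// <summary>
        /// Returns the processes whose token user name contains <paramref name="term"/> (ordinal,
        /// case-insensitive). Processes whose token cannot be queried are skipped silently, matching the
        /// best-effort behaviour of the listing commands.
        /// </summary>
        /// <param name="term">Substring to look for in the token's user name.</param>
        private List<TMProcess> InnerFindByUser(string term)
        {
            var found = new List<TMProcess>();
            foreach (var proc in TMProcess.GetAllProcesses())
            {
                try
                {
                    var hProc  = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
                    var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
                    var user   = AccessTokenUser.FromTokenHandle(hToken);
                    if (user.Username.IndexOf(term, StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        found.Add(proc);
                    }
                }
                catch
                {
                    // Best effort: processes that cannot be opened (access denied, already exited) are left out.
                }
            }
            return found;
        }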