private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
LogonType logonType = (LogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
using (UserToken token = TokenUtils.GetLogonUserToken(txtS4UUserName.Text, txtS4URealm.Text, txtLUPassword.Text, null, logonType))
{
TokenForm.OpenForm(token, true);
}
}
else
{
using (UserToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logonType))
{
TokenForm.OpenForm(token, true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
TreeNode selectedNode = treeViewProcesses.SelectedNode;
if (selectedNode != null)
{
NtProcess process = selectedNode.Tag as NtProcess;
NtHandle handle = selectedNode.Tag as NtHandle;
if (process != null)
{
NtToken token = GetToken(process);
if (token != null)
{
TokenForm.OpenForm(token, true);
}
}
else if (handle != null)
{
try
{
TokenForm.OpenForm(NtToken.DuplicateFrom(handle.ProcessId, new IntPtr(handle.Handle), TokenAccessRights.Query | TokenAccessRights.QuerySource), false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
public MainForm()
{
InitializeComponent();
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
listViewThreads.ListViewItemSorter = new ListItemComparer(0);
listViewSessions.ListViewItemSorter = new ListItemComparer(0);
listViewHandles.ListViewItemSorter = new ListItemComparer(0);
listViewServices.ListViewItemSorter = new ListItemComparer(0);
AddGrouping("Name", p => p.Name);
AddGrouping("Session ID", p => $"Session {p.SessionId}");
AddGrouping("Sandbox", p => GetSandboxName(p.ProcessToken));
AddGrouping("Integrity Level", p => p.ProcessToken.IntegrityLevel.ToString());
AddGrouping("User", p => p.ProcessToken.User.Name);
AddGrouping("Elevation Type", p => GetElevationTypeName(p.ProcessToken));
AddGrouping("Authentication ID", p => p.ProcessToken.AuthenticationId.ToString());
AddGrouping("Origin ID", p => p.ProcessToken.Origin.ToString());
AddGrouping("Flags", p => p.ProcessToken.Flags.ToString());
AddGrouping("Package Name", p =>
{
if (!p.ProcessToken.AppContainer)
{
return("None");
}
if (!string.IsNullOrWhiteSpace(p.ProcessToken.PackageFullName))
{
return(p.ProcessToken.PackageFullName);
}
return(p.ProcessToken.AppContainerSid.Name);
});
AddGrouping("Security Descriptor", p => GetSecurityDescriptor(p.ProcessToken));
AddGrouping("Process Security Descriptor", p => GetSecurityDescriptor(p.ProcessSecurity));
AddGrouping("Trust Level", p => p.ProcessToken.TrustLevel?.Name ?? "Untrusted");
AddGrouping("No Child Process", p => p.ProcessToken.NoChildProcess ? "No Child Process" : "Unrestricted");
AddGrouping("Chrome Sandbox Type", p => GetChromeSandboxType(p));
RefreshProcessList(null, false, false);
using (NtToken token = NtProcess.Current.OpenToken())
{
if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
RefreshSessionList();
}
else
{
tabControlTests.TabPages.Remove(tabPageSessions);
groupBoxServiceAccounts.Visible = false;
}
}
RefreshServiceList();
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service);
comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network;
TokenForm.RegisterMainForm(this);
}
public MainForm()
{
InitializeComponent();
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
listViewThreads.ListViewItemSorter = new ListItemComparer(0);
listViewSessions.ListViewItemSorter = new ListItemComparer(0);
listViewHandles.ListViewItemSorter = new ListItemComparer(0);
RefreshProcessList(null, false);
using (NtToken token = NtProcess.Current.OpenToken())
{
if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
RefreshSessionList();
}
else
{
tabControlTests.TabPages.Remove(tabPageSessions);
groupBoxServiceAccounts.Visible = false;
}
}
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service);
comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network;
TokenForm.RegisterMainForm(this);
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
TreeNode selectedNode = treeViewProcesses.SelectedNode;
if (selectedNode != null)
{
ProcessEntry process = selectedNode.Tag as ProcessEntry;
HandleEntry handle = selectedNode.Tag as HandleEntry;
if (process != null)
{
TokenForm.OpenForm(process.Token, true);
}
else if (handle != null)
{
try
{
TokenForm.OpenForm(new UserToken(NativeBridge.DuplicateHandleFromProcess(handle,
(uint)(TokenAccessRights.Query | TokenAccessRights.QuerySource), 0)), false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
private async void btnStartServer_Click(object sender, EventArgs e)
{
try
{
btnStartServer.Enabled = false;
using (NamedPipeServerStream pipe = new NamedPipeServerStream(txtPipeName.Text,
PipeDirection.In, 1, PipeTransmissionMode.Byte, PipeOptions.Asynchronous))
{
await Task.Factory.FromAsync(pipe.BeginWaitForConnection,
pipe.EndWaitForConnection, null);
UserToken token = null;
if (pipe.IsConnected)
{
pipe.RunAsClient(() => token = TokenUtils.GetTokenFromThread());
pipe.Disconnect();
}
if (token != null)
{
TokenForm.OpenForm(token, false);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
btnStartServer.Enabled = true;
}
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
foreach (ListViewItem item in listViewProcesses.SelectedItems)
{
if (item.Tag is ProcessTokenEntry entry)
{
TokenForm.OpenForm(entry, $"{entry.Name}:{entry.ProcessId}", true, false);
}
}
}
static void form_FormClosed(object sender, FormClosedEventArgs e)
{
TokenForm form = sender as TokenForm;
if (form != null)
{
_forms.Remove((TokenForm)sender);
form.Dispose();
}
}
private void openProcessTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewThreads.SelectedItems.Count > 0)
{
if (listViewThreads.SelectedItems[0].Tag is NtThread thread)
{
TokenForm.OpenForm(GetProcessToken(thread), "Process", false);
}
}
}
private void openServiceTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
foreach (ListViewItem item in listViewServices.SelectedItems)
{
if (item.Tag is ServiceTokenEntry entry)
{
TokenForm.OpenForm(entry.ProcessToken, entry.Service.Name, true);
}
}
}
private void openSessionTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewSessions.SelectedItems.Count > 0)
{
if (listViewSessions.SelectedItems[0].Tag is NtToken token)
{
TokenForm.OpenForm(token, "Session", true);
}
}
}
private void btnCreateAnonymous_Click(object sender, EventArgs e)
{
try
{
TokenForm.OpenForm(TokenUtils.GetAnonymousToken(), "Anonymous", false);
}
catch (NtException ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void openSessionTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewSessions.SelectedItems.Count > 0)
{
UserToken token = listViewSessions.SelectedItems[0].Tag as UserToken;
if (token != null)
{
TokenForm.OpenForm(token, true);
}
}
}
private void btnCurrentProcess_Click(object sender, EventArgs e)
{
try
{
TokenForm.OpenForm(new ProcessTokenEntry(NtProcess.Current), "Current", false, false);
}
catch (NtException ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void GetServiceToken(string name)
{
try
{
TokenForm.OpenForm(TokenUtils.GetLogonUserToken(name, "NT AUTHORITY", null, null, LogonType.Service), false);
}
catch (Win32Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void openProcessTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewThreads.SelectedItems.Count > 0)
{
ThreadEntry thread = listViewThreads.SelectedItems[0].Tag as ThreadEntry;
if (thread != null)
{
TokenForm.OpenForm(thread.Process.Token, true);
}
}
}
private void btnClipboardToken_Click(object sender, EventArgs e)
{
try
{
TokenForm.OpenForm(TokenUtils.GetTokenFromClipboard(), false);
}
catch (Win32Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void btnCreateNew_Click(object sender, EventArgs e)
{
try
{
TokenForm.OpenForm(CreateToken(), false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public static void OpenForm(NtToken token, string text, bool copy)
{
if (token != null)
{
TokenForm form = new TokenForm(copy ? token.Duplicate() : token, text);
_forms.Add(form);
form.FormClosed += form_FormClosed;
form.Show(_main_form);
}
}
public static void OpenForm(IWin32Window parent, UserToken token, bool copy)
{
if (token != null)
{
TokenForm form = new TokenForm(copy ? token.DuplicateHandle() : token);
_forms.Add(form);
form.FormClosed += form_FormClosed;
form.Show(parent);
}
}
public static void OpenForm(IWin32Window parent, UserToken token, bool copy)
{
if (token != null)
{
TokenForm form = new TokenForm(copy ? token.DuplicateHandle() : token);
_forms.Add(form);
form.FormClosed += form_FormClosed;
form.Show(parent);
}
}
private void openProcessTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewThreads.SelectedItems.Count > 0)
{
if (listViewThreads.SelectedItems[0].Tag is ThreadTokenEntry thread)
{
if (thread.ProcessToken != null)
{
TokenForm.OpenForm(thread, $"{thread.Name}:{thread.ProcessId}", true, false);
}
}
}
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewProcesses.SelectedItems.Count > 0)
{
foreach (ListViewItem item in listViewProcesses.SelectedItems)
{
if (item.Tag is ProcessTokenEntry process)
{
TokenForm.OpenForm(process, $"{item.SubItems[1].Text}:{item.SubItems[0].Text}", true, false);
}
}
}
}
private void toolStripMenuItemOpenThreadToken_Click(object sender, EventArgs e)
{
if (listViewThreads.SelectedItems.Count > 0)
{
if (listViewThreads.SelectedItems[0].Tag is NtThread thread)
{
NtToken token = GetToken(thread);
if (token != null)
{
TokenForm.OpenForm(token, thread.ToString(), false);
}
}
}
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewProcesses.SelectedItems.Count > 0)
{
foreach (ListViewItem item in listViewProcesses.SelectedItems)
{
NtToken token = item.Tag as NtToken;
if (token != null)
{
TokenForm.OpenForm(token, string.Format("{0}:{1}", item.SubItems[1].Text, item.SubItems[0].Text), true);
}
}
}
}
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewProcesses.SelectedItems.Count > 0)
{
foreach (ListViewItem item in listViewProcesses.SelectedItems)
{
NtToken token = item.Tag as NtToken;
if (token != null)
{
TokenForm.OpenForm(token, true);
}
}
}
}
private void GetServiceToken(string name)
{
try
{
IEnumerable <UserGroup> groups = GetServiceSids();
TokenForm.OpenForm(Win32Security.LsaLogonUser(name, "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, groups), "Service", false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public MainForm()
{
InitializeComponent();
RefreshProcessList(null, false);
RefreshSessionList();
comboBoxS4ULogonType.Items.Add(LogonType.Batch);
comboBoxS4ULogonType.Items.Add(LogonType.Interactive);
comboBoxS4ULogonType.Items.Add(LogonType.Network);
comboBoxS4ULogonType.Items.Add(LogonType.NetworkCleartext);
comboBoxS4ULogonType.Items.Add(LogonType.NewCredentials);
comboBoxS4ULogonType.Items.Add(LogonType.Service);
comboBoxS4ULogonType.SelectedItem = LogonType.Network;
TokenForm.RegisterMainForm(this);
}
private void listViewHandles_DoubleClick(object sender, EventArgs e)
{
if (listViewHandles.SelectedItems.Count > 0)
{
if (listViewHandles.SelectedItems[0].Tag is NtToken token)
{
try
{
TokenForm.OpenForm(token, "Handle", true);
}
catch (NtException)
{
}
}
}
}
private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
SecureString str = new SecureString();
foreach (var ch in txtLUPassword.Text)
{
str.AppendChar(ch);
}
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default))
{
TokenForm.OpenForm(token, "LogonUser", true);
}
}
else
{
using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type))
{
TokenForm.OpenForm(token, "S4U", true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private async void btnStartServer_Click(object sender, EventArgs e)
{
try
{
btnStartServer.Enabled = false;
using (NamedPipeServerStream pipe = new NamedPipeServerStream(txtPipeName.Text,
PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.Asynchronous))
{
await Task.Factory.FromAsync(pipe.BeginWaitForConnection,
pipe.EndWaitForConnection, null);
NtToken token = null;
bool use_unc = checkBoxUseUNCPath.Checked;
if (pipe.IsConnected)
{
if (!use_unc)
{
byte[] buffer = new byte[1];
int result = await pipe.ReadAsync(buffer, 0, 1);
}
pipe.RunAsClient(() => token = NtToken.OpenThreadToken());
pipe.Disconnect();
}
if (token != null)
{
TokenForm.OpenForm(token, "NamedPipe", false);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
btnStartServer.Enabled = true;
}
}
public static void OpenForm(NtToken token, bool copy)
{
if (token != null)
{
TokenForm form = new TokenForm(copy ? token.Duplicate() : token);
_forms.Add(form);
form.FormClosed += form_FormClosed;
form.Show(_main_form);
}
}
