Exemple #1
 /// <summary>
 /// Managed declaration for the Win32 <c>AllocateAndInitializeSid</c> function, which
 /// allocates a SID from an identifier authority and up to eight sub-authorities.
 /// </summary>
 /// <remarks>
 /// The <c>[DllImport]</c> attribute is not visible in this excerpt, so the library name
 /// and the <c>SetLastError</c> setting cannot be confirmed from here.
 /// A SID returned through <paramref name="pSid"/> is allocated by the system and must be
 /// released with <c>FreeSid</c> once it is no longer needed.
 /// The sub-authority parameters are native DWORDs; they are declared as signed
 /// <see cref="Int32"/> here, so values above 0x7FFFFFFF need an unchecked cast at the call site.
 /// </remarks>
 /// <param name="pIdentifierAuthority">Top-level identifier authority placed in the SID.</param>
 /// <param name="nSubAuthorityCount">Number of sub-authorities to store in the SID (the native API accepts 1 to 8).</param>
 /// <param name="dwSubAuthority0">First sub-authority value.</param>
 /// <param name="dwSubAuthority1">Second sub-authority value.</param>
 /// <param name="dwSubAuthority2">Third sub-authority value.</param>
 /// <param name="dwSubAuthority3">Fourth sub-authority value.</param>
 /// <param name="dwSubAuthority4">Fifth sub-authority value.</param>
 /// <param name="dwSubAuthority5">Sixth sub-authority value.</param>
 /// <param name="dwSubAuthority6">Seventh sub-authority value.</param>
 /// <param name="dwSubAuthority7">Eighth sub-authority value.</param>
 /// <param name="pSid">Receives a pointer to the allocated SID.</param>
 /// <returns><c>true</c> when the native call reports success; otherwise <c>false</c>.</returns>
 public static extern Boolean AllocateAndInitializeSid(
     ref Structs.SidIdentifierAuthority pIdentifierAuthority,
     byte nSubAuthorityCount,
     Int32 dwSubAuthority0,
     Int32 dwSubAuthority1,
     Int32 dwSubAuthority2,
     Int32 dwSubAuthority3,
     Int32 dwSubAuthority4,
     Int32 dwSubAuthority5,
     Int32 dwSubAuthority6,
     Int32 dwSubAuthority7,
     out IntPtr pSid
     );
Exemple #2
        ////////////////////////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////////////////////////
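        /// <summary>
        /// Builds a mandatory-label SID, applies it to <c>phNewToken</c> as the token's
        /// integrity level, and then asks <c>NtFilterToken</c> for a LUA-filtered copy.
        /// </summary>
        /// <remarks>
        /// Progress is written to the console; failures are reported through <c>GetError</c>.
        /// A failure of <c>NtSetInformationToken</c> does not stop the method: the filter
        /// call is still attempted, as in the original flow.
        /// NOTE(review): the SID allocated here is never released. No <c>FreeSid</c> binding is
        /// visible in this excerpt; if one exists it should be called once the label is applied.
        /// NOTE(review): the filtered token handle is only printed and then goes out of scope,
        /// so it is neither stored nor closed. Confirm whether it should be kept in a field.
        /// </remarks>
        public void SetTokenInformation()
        {
            // Identifier authority 16 is SECURITY_MANDATORY_LABEL_AUTHORITY; with the single
            // sub-authority 0x2000 (SECURITY_MANDATORY_MEDIUM_RID) this yields S-1-16-8192.
            Structs.SidIdentifierAuthority pIdentifierAuthority = new Structs.SidIdentifierAuthority();
            pIdentifierAuthority.Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 };
            byte nSubAuthorityCount = 1;
            IntPtr pSID = IntPtr.Zero;

            if (!advapi32.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, 0x2000, 0, 0, 0, 0, 0, 0, 0, out pSID))
            {
                // Without a SID the label below would carry a null pointer, so report and stop.
                // Presumably GetError reads the last Win32 error; verify that the import sets it.
                GetError("AllocateAndInitializeSid: ");
                return;
            }

            // ToInt64 rather than ToInt32: ToInt32 throws OverflowException in a 64-bit
            // process when the pointer value does not fit in 32 bits.
            Console.WriteLine(" [+] Initialized SID : " + pSID.ToInt64());

            Structs.SID_AND_ATTRIBUTES sidAndAttributes = new Structs.SID_AND_ATTRIBUTES();
            sidAndAttributes.Sid        = pSID;
            sidAndAttributes.Attributes = Constants.SE_GROUP_INTEGRITY_32;

            Structs.TOKEN_MANDATORY_LABEL tokenMandatoryLabel = new Structs.TOKEN_MANDATORY_LABEL();
            tokenMandatoryLabel.Label = sidAndAttributes;
            Int32 tokenMandatoryLabelSize = Marshal.SizeOf(tokenMandatoryLabel);

            // 25 is TokenIntegrityLevel in TOKEN_INFORMATION_CLASS; a return of 0 is STATUS_SUCCESS.
            if (ntdll.NtSetInformationToken(phNewToken, 25, ref tokenMandatoryLabel, tokenMandatoryLabelSize) == 0)
            {
                Console.WriteLine(" [+] Set Token Information : " + phNewToken.ToInt64());
            }
            else
            {
                GetError("NtSetInformationToken: ");
            }

            IntPtr luaToken = IntPtr.Zero;

            // Flag value 4 corresponds to LUA_TOKEN, the same flag CreateRestrictedToken documents.
            if (ntdll.NtFilterToken(phNewToken, 4, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken) == 0)
            {
                Console.WriteLine(" [+] Set LUA Token Information : " + luaToken.ToInt64());
            }
            else
            {
                GetError("NtFilterToken: ");
            }
        }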