private NtToken GetS4UToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LogonS4U(User, Domain, LogonType))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetTicketToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LsaLogonTicket(LogonType, Ticket, KerbCred))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetS4UToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LsaLogonS4U(User, Domain, LogonType, AuthenticationPackage.NEGOSSP_NAME))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private static NtToken GetSystemToken()
{
NtToken.EnableDebugPrivilege();
using (var ps = NtProcess.GetProcesses(ProcessAccessRights.QueryLimitedInformation).ToDisposableList())
{
Sid local_system = KnownSids.LocalSystem;
foreach (var p in ps)
{
using (var result = NtToken.OpenProcessToken(p, TokenAccessRights.Query | TokenAccessRights.Duplicate, false))
{
if (!result.IsSuccess)
{
continue;
}
var token = result.Result;
if (token.User.Sid == local_system &&
!token.Filtered &&
token.GetPrivilege(TokenPrivilegeValue.SeTcbPrivilege) != null &&
token.IntegrityLevel == TokenIntegrityLevel.System)
{
using (var imp_token = token.DuplicateToken(SecurityImpersonationLevel.Impersonation))
{
if (imp_token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
using (imp_token.Impersonate())
{
return(LogonUtils.Logon("SYSTEM", "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, false).GetResultOrDefault());
}
}
}
}
}
}
}
return(null);
}
