public MainForm() { InitializeComponent(); listViewProcesses.ListViewItemSorter = new ListItemComparer(0); listViewThreads.ListViewItemSorter = new ListItemComparer(0); listViewSessions.ListViewItemSorter = new ListItemComparer(0); listViewHandles.ListViewItemSorter = new ListItemComparer(0); RefreshProcessList(null, false); using (NtToken token = NtProcess.Current.OpenToken()) { if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled)) { RefreshSessionList(); } else { tabControlTests.TabPages.Remove(tabPageSessions); groupBoxServiceAccounts.Visible = false; } } comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network); comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext); comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service); comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network; TokenForm.RegisterMainForm(this); }
public MainForm() { InitializeComponent(); listViewProcesses.ListViewItemSorter = new ListItemComparer(0); listViewThreads.ListViewItemSorter = new ListItemComparer(0); listViewSessions.ListViewItemSorter = new ListItemComparer(0); listViewHandles.ListViewItemSorter = new ListItemComparer(0); listViewServices.ListViewItemSorter = new ListItemComparer(0); AddGrouping("Name", p => p.Name); AddGrouping("Session ID", p => $"Session {p.SessionId}"); AddGrouping("Sandbox", p => GetSandboxName(p.ProcessToken)); AddGrouping("Integrity Level", p => p.ProcessToken.IntegrityLevel.ToString()); AddGrouping("User", p => p.ProcessToken.User.Name); AddGrouping("Elevation Type", p => GetElevationTypeName(p.ProcessToken)); AddGrouping("Authentication ID", p => p.ProcessToken.AuthenticationId.ToString()); AddGrouping("Origin ID", p => p.ProcessToken.Origin.ToString()); AddGrouping("Flags", p => p.ProcessToken.Flags.ToString()); AddGrouping("Package Name", p => { if (!p.ProcessToken.AppContainer) { return("None"); } if (!string.IsNullOrWhiteSpace(p.ProcessToken.PackageFullName)) { return(p.ProcessToken.PackageFullName); } return(p.ProcessToken.AppContainerSid.Name); }); AddGrouping("Security Descriptor", p => GetSecurityDescriptor(p.ProcessToken)); AddGrouping("Process Security Descriptor", p => GetSecurityDescriptor(p.ProcessSecurity)); AddGrouping("Trust Level", p => p.ProcessToken.TrustLevel?.Name ?? "Untrusted"); AddGrouping("No Child Process", p => p.ProcessToken.NoChildProcess ? "No Child Process" : "Unrestricted"); AddGrouping("Chrome Sandbox Type", p => GetChromeSandboxType(p)); RefreshProcessList(null, false, false); using (NtToken token = NtProcess.Current.OpenToken()) { if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled)) { RefreshSessionList(); } else { tabControlTests.TabPages.Remove(tabPageSessions); groupBoxServiceAccounts.Visible = false; } } RefreshServiceList(); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network); comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext); comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials); comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service); comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network; TokenForm.RegisterMainForm(this); }
private void enablePrivilegeToolStripMenuItem_Click(object sender, EventArgs e) { if (listViewPrivs.SelectedItems.Count > 0) { bool multi_enable = listViewPrivs.SelectedItems.Count > 1; bool all_enabled = AllPrivsEnabled(listViewPrivs.SelectedItems.OfType <ListViewItem>()); foreach (TokenPrivilege priv in listViewPrivs.SelectedItems.OfType <ListViewItem>().Select(i => i.Tag)) { try { if (priv != null) { _token.SetPrivilege(priv.Luid, !all_enabled); } } catch (Exception ex) { if (!multi_enable) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } UpdatePrivileges(); } }
/// <summary> /// Override for begin processing. /// </summary> protected override void BeginProcessing() { using (NtToken process_token = NtToken.OpenProcessToken()) { _open_for_backup = process_token.SetPrivilege(TokenPrivilegeValue.SeBackupPrivilege, PrivilegeAttributes.Enabled); if (!_open_for_backup) { WriteWarning("Current process doesn't have SeBackupPrivilege, results may be inaccurate"); } } base.BeginProcessing(); }
private void ModifyPrivileges(IEnumerable <TokenPrivilege> privs, PrivilegeAttributes attributes) { bool multi = privs.Count() > 1; foreach (TokenPrivilege priv in privs) { try { _token.SetPrivilege(priv.Luid, attributes); } catch (Exception ex) { if (!multi) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } UpdatePrivileges(); }
private void RunAccessCheckHandles(IEnumerable <TokenEntry> tokens) { var type_filter = GetTypeFilter(); using (NtToken process_token = NtToken.OpenProcessToken()) { if (!process_token.SetPrivilege(TokenPrivilegeValue.SeDebugPrivilege, PrivilegeAttributes.Enabled)) { WriteWarning("Current process doesn't have SeDebugPrivilege, results may be inaccurate"); } } if (type_filter.Count == 0) { WriteWarning("Checking handle access without any type filtering can hang. Perhaps specify the types using -TypeFilter."); } HashSet <ulong> checked_objects = new HashSet <ulong>(); var handles = NtSystemInfo.GetHandles(-1, false).Where(h => IsTypeFiltered(h.ObjectType, type_filter)).GroupBy(h => h.ProcessId); foreach (var group in handles) { if (Stopping) { return; } using (var proc = NtProcess.Open(group.Key, ProcessAccessRights.DupHandle, false)) { if (proc.IsSuccess) { CheckHandles(tokens, type_filter, checked_objects, proc.Result, group); } } } }