public static IntPtr Invoke_UserImpersonation(Args_Invoke_UserImpersonation args = null)
{
if (args == null)
{
args = new Args_Invoke_UserImpersonation();
}
if (System.Threading.Thread.CurrentThread.GetApartmentState() == System.Threading.ApartmentState.STA && !args.Quiet)
{
Logger.Write_Warning(@"[Invoke-UserImpersonation] powershell.exe is not currently in a single-threaded apartment state, token impersonation may not work.");
}
IntPtr LogonTokenHandle;
bool Result;
if (args.TokenHandle != IntPtr.Zero)
{
LogonTokenHandle = args.TokenHandle;
}
else
{
LogonTokenHandle = IntPtr.Zero;
var UserDomain = args.Credential.Domain;
var UserName = args.Credential.UserName;
Logger.Write_Warning($@"[Invoke-UserImpersonation] Executing LogonUser() with user: {UserDomain}\{UserName}");
// LOGON32_LOGON_NEW_CREDENTIALS = 9, LOGON32_PROVIDER_WINNT50 = 3
// this is to simulate "runas.exe /netonly" functionality
Result = NativeMethods.LogonUser(UserName, UserDomain, args.Credential.Password, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50, ref LogonTokenHandle);
var LastError = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
if (!Result)
{
throw new Exception($@"[Invoke-UserImpersonation] LogonUser() Error: {new System.ComponentModel.Win32Exception(LastError).Message}");
}
}
// actually impersonate the token from LogonUser()
Result = NativeMethods.ImpersonateLoggedOnUser(LogonTokenHandle);
if (!Result)
{
throw new Exception($@"[Invoke-UserImpersonation] ImpersonateLoggedOnUser() Error: $(([ComponentModel.Win32Exception] $LastError).Message)");
}
Logger.Write_Verbose(@"[Invoke-UserImpersonation] Alternate credentials successfully impersonated");
return(LogonTokenHandle);
}
public static IntPtr Invoke_UserImpersonation(Args_Invoke_UserImpersonation args = null)
{
return(InvokeUserImpersonation.Invoke_UserImpersonation(args));
}
