//////////////////////////////////////////////////////////////////////////////// // https://github.com/numbnet/Win32-OpenSSH/blob/8dd7423e13ac0b88b3084ec95bc93ea09dec1fef/contrib/win32/win32compat/win32auth.c // https://github.com/bb107/WinSudo/blob/b2cb7700bd2f7ee59e2ef7f9ca20c2a671ce72a8/PrivilegeHelps/Security.cpp // https://www.exploit-db.com/papers/42556 //////////////////////////////////////////////////////////////////////////////// private static void _CreateToken(CommandLineParsing cLP, IntPtr hToken) { try { using (CreateTokens ct = new CreateTokens(hToken)) { string[] groups = new string[0]; string g; if (cLP.GetData("groups", out g)) { groups = (g).Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries); } string user; if (cLP.GetData("username", out user)) { ct.SetWorkingTokenToSelf(); ct.CreateToken(user, groups, cLP.Command); } else { ct.SetWorkingTokenToSelf(); ct.CreateToken(groups, cLP.Command); } } } catch (AccessViolationException ex) { Console.WriteLine(ex); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// private static void _CloneToken(CommandLineParsing cLP, IntPtr hToken) { try { using (CreateTokens ct = new CreateTokens(hToken)) { ct.SetWorkingTokenToSelf(); ct.CloneToken(cLP.ProcessID, cLP.Command); } } catch (AccessViolationException ex) { Console.WriteLine(ex); } }
static void Main(string[] args) { CreateTokens.Run(args); }