private protected KerberosAuthorizationDataRestrictionEntry(byte[] data, KerberosRestrictionEntryFlags flags,
TokenIntegrityLevel integrity_level, byte[] machine_id) : base(KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY, data)
{
Flags = flags;
IntegrityLevel = integrity_level;
MachineId = machine_id;
}
/// <summary>
/// Constructor.
/// </summary>
public NewNtTokenCmdlet()
{
AuthenticationId = NtToken.LocalSystemAuthId;
TokenType = TokenType.Primary;
ExpirationTime = DateTime.Now.AddYears(10);
Groups = new Sid[0];
Privileges = new TokenPrivilegeValue[0];
DefaultAcl = new Acl();
DefaultAcl.AddAccessAllowedAce(GenericAccessRights.GenericAll, AceFlags.None, "SY");
DefaultAcl.AddAccessAllowedAce(GenericAccessRights.GenericAll, AceFlags.None, "BA");
IntegrityLevel = TokenIntegrityLevel.System;
SecurityQualityOfService = new SecurityQualityOfService(SecurityImpersonationLevel.Anonymous, SecurityContextTrackingMode.Static, false);
}
private void comboBoxIL_SelectedIndexChanged(object sender, EventArgs e)
{
TokenIntegrityLevel il = GetILFromComboBox(comboBoxIL);
if (_token.IntegrityLevel != il)
{
btnSetIL.Enabled = true;
}
else
{
btnSetIL.Enabled = false;
}
}
private void comboBoxIL_SelectedIndexChanged(object sender, EventArgs e)
{
if (comboBoxIL.SelectedItem != null)
{
TokenIntegrityLevel il = (TokenIntegrityLevel)comboBoxIL.SelectedItem;
if (_token.GetTokenIntegrityLevel() != il)
{
btnSetIL.Enabled = true;
}
else
{
btnSetIL.Enabled = false;
}
}
}
private void btnSetIL_Click(object sender, EventArgs e)
{
TokenIntegrityLevel il = GetILFromComboBox(comboBoxIL);
if (_token.IntegrityLevel != il)
{
try
{
_token.SetIntegrityLevel(il);
btnSetIL.Enabled = false;
UpdatePrivileges();
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
private void btnDuplicate_Click(object sender, EventArgs e)
{
try
{
using (NtToken token = _token.DuplicateToken((TokenType)comboBoxTokenType.SelectedItem,
(SecurityImpersonationLevel)comboBoxImpLevel.SelectedItem, TokenAccessRights.MaximumAllowed))
{
TokenIntegrityLevel il = GetILFromComboBox(comboBoxILForDup);
if (il != token.IntegrityLevel)
{
token.SetIntegrityLevel(il);
}
OpenForm(token, "Duplicate", true);
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void btnImpersonate_Click(object sender, EventArgs e)
{
SecurityImpersonationLevel implevel = SecurityImpersonationLevel.Impersonation;
try
{
if (_token.TokenType == TokenType.Impersonation)
{
implevel = _token.ImpersonationLevel;
}
using (NtToken token = _token.DuplicateToken(TokenType.Impersonation, implevel, TokenAccessRights.MaximumAllowed))
{
TokenIntegrityLevel il = GetILFromComboBox(comboBoxILForDup);
if (il != token.IntegrityLevel)
{
token.SetIntegrityLevel(il);
}
NtToken imptoken = null;
using (var imp = token.Impersonate())
{
imptoken = NtThread.Current.OpenToken();
}
if (imptoken != null)
{
OpenForm(imptoken, "Impersonation", false);
}
else
{
MessageBox.Show(this, "Couldn't open thread token", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
static void Main(string[] args)
{
Win32Process new_process = null;
try
{
CreateProcessFlags flags = CreateProcessFlags.None;
bool parent_process = false;
bool set_il = false;
TokenIntegrityLevel il = 0;
bool show_help = false;
OptionSet opts = new OptionSet()
{
{ "p", "Use parent technique to create the new process", v => parent_process = v != null },
{ "j", "Try and break away from the current process job", v => flags |= v != null ? CreateProcessFlags.BreakawayFromJob : 0 },
{ "c", "Create a new console for the process", v => flags |= v != null ? CreateProcessFlags.NewConsole : 0 },
{ "s", "Create the process suspended", v => flags |= v != null ? CreateProcessFlags.Suspended : 0 },
{ "i|il=", "Set the process IL level", v => {
il = ParseIL(v); set_il = true;
} },
{ "h|help", "show this message and exit", v => show_help = v != null },
};
int pid;
List <string> commands = opts.Parse(args);
if (show_help || commands.Count < 2)
{
ShowHelp(opts);
}
if (!int.TryParse(commands[0], out pid))
{
throw new ArgumentException("Couldn't parse PID value");
}
if (!NtToken.EnableDebugPrivilege())
{
Console.WriteLine("WARNING: Couldn't enable Debug privilege");
}
using (NtProcess process = NtProcess.Open(pid, ProcessAccessRights.MaximumAllowed))
{
if (parent_process)
{
new_process = Win32Process.CreateProcess(process, null, commands[1], set_il ? flags | CreateProcessFlags.Suspended : flags, null);
if (set_il)
{
using (NtToken token = new_process.Process.OpenToken())
{
token.SetIntegrityLevel(il);
}
if ((flags & CreateProcessFlags.Suspended) == 0)
{
new_process.Thread.Resume();
}
}
}
else
{
using (NtToken token = process.OpenToken())
{
using (NtToken target_token = token.DuplicateToken(TokenType.Primary, SecurityImpersonationLevel.Anonymous, TokenAccessRights.MaximumAllowed))
{
if (set_il)
{
target_token.SetIntegrityLevel(il);
}
new_process = Win32Process.CreateProcessAsUser(target_token, null, commands[1], flags, null);
}
}
}
using (new_process)
{
Console.WriteLine("Created Process: PID: {0}, SID {1}", new_process.Pid, new_process.Process.SessionId);
}
}
}
catch (Exception ex)
{
Console.WriteLine("ERROR: {0}", ex.Message);
if (new_process != null && new_process.Process != null)
{
try
{
new_process.Process.Terminate(NtStatus.STATUS_WAIT_1);
}
catch
{
}
}
}
}
/// <summary>
/// Add mandatory integrity label to SACL
/// </summary>
/// <param name="level">The integrity level</param>
/// <param name="flags">The ACE flags.</param>
/// <param name="policy">The mandatory label policy</param>
public void AddMandatoryLabel(TokenIntegrityLevel level, AceFlags flags, MandatoryLabelPolicy policy)
{
AddMandatoryLabel(NtSecurity.GetIntegritySid(level), flags, policy);
}
/// <summary>
/// Add mandatory integrity label to SACL
/// </summary>
/// <param name="level">The integrity level</param>
public void AddMandatoryLabel(TokenIntegrityLevel level)
{
AddMandatoryLabel(NtSecurity.GetIntegritySid(level), AceFlags.None, MandatoryLabelPolicy.NoWriteUp);
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="flags">Flags for the ACE.</param>
/// <param name="policy">The mandatory label policy.</param>
/// <param name="integrity_level">The integrity level.</param>
public MandatoryLabelAce(AceFlags flags, MandatoryLabelPolicy policy, TokenIntegrityLevel integrity_level)
: this(flags, policy, NtSecurity.GetIntegritySid(integrity_level))
{
}
/// <summary>
/// Add an integrity level to the boundary descriptor.
/// </summary>
/// <remarks>This integrity level is used in an access check when creating or deleting private namespaces.</remarks>
/// <param name="integrity_level">The integrity level to add.</param>
public void AddIntegrityLevel(TokenIntegrityLevel integrity_level)
{
AddIntegrityLevel(NtSecurity.GetIntegritySid(integrity_level));
}
/// <summary>
/// Get a SID for a specific mandatory integrity level.
/// </summary>
/// <param name="level">The mandatory integrity level.</param>
/// <returns>The integrity SID</returns>
public static Sid GetIntegritySid(TokenIntegrityLevel level)
{
return(GetIntegritySidRaw((int)level));
}
/// <summary>
/// Add mandatory integrity label to SACL
/// </summary>
/// <param name="level">The integrity level</param>
/// <param name="flags">The ACE flags.</param>
/// <param name="policy">The mandatory label policy</param>
public void AddMandatoryLabel(TokenIntegrityLevel level, AceFlags flags, MandatoryLabelPolicy policy)
{
AddMandatoryLabel(NtSecurity.GetIntegritySid(level), flags, policy);
}
/// <summary>
/// Add mandatory integrity label to SACL
/// </summary>
/// <param name="level">The integrity level</param>
public void AddMandatoryLabel(TokenIntegrityLevel level)
{
AddMandatoryLabel(NtSecurity.GetIntegritySid(level), AceFlags.None, MandatoryLabelPolicy.NoWriteUp);
}
