////////////////////////////////////////////////////////////////////////////////
// Creates a new process as SYSTEM
//
// Resolves the local SYSTEM account name, asks UserSessions for the processes
// running under it, and for each candidate: opens its token, makes that the
// working token, duplicates it at SecurityImpersonation level and hands the
// duplicate to StartProcessAsUser together with newProcess. The first
// candidate for which every step succeeds ends the search.
//
// Returns true when StartProcessAsUser reports success; otherwise calls
// Misc.GetWin32Error("GetSystem") and returns false.
//
// Defender note: opening a SYSTEM-owned process token, duplicating it and
// creating a process with the copy is the behaviour catalogued as MITRE ATT&CK
// T1134 (Access Token Manipulation). It presumably requires an already
// elevated caller; the helper methods are not visible here, so confirm there.
// Process-access and process-creation telemetry are the usual places to look
// for it.
////////////////////////////////////////////////////////////////////////////////
public bool GetSystem(string newProcess)
{
    var localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
    var systemAccount = (NTAccount)localSystemSid.Translate(typeof(NTAccount));
    string systemName = systemAccount.ToString();

    Console.WriteLine("[*] Searching for {0}", systemName);
    processes = UserSessions.EnumerateUserProcesses(false, systemName);

    foreach (uint pid in processes.Keys)
    {
        // Skip any process whose token cannot be opened.
        if (!OpenProcessToken((int)pid))
        {
            continue;
        }

        Console.WriteLine(" [+] Opened {0}", pid);
        SetWorkingTokenToRemote();

        if (!DuplicateToken(Winnt._SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
        {
            continue;
        }

        SetWorkingTokenToNewToken();
        if (StartProcessAsUser(newProcess))
        {
            return true;
        }
    }

    // No candidate worked: report the last Win32 error before giving up.
    Misc.GetWin32Error("GetSystem");
    return false;
}
// Returns the account name when an NTAccount is held; otherwise falls back to
// the string form of the SID.
public override string ToString()
{
    return ntAccount == null ? sid.ToString() : ntAccount.ToString();
}
////////////////////////////////////////////////////////////////////////////////
// Elevates current process to SYSTEM
//
// Resolves the local SYSTEM account name, asks UserSessions for the processes
// running under it, and for each candidate opens its token, makes that the
// working token and calls ImpersonateUser. The first candidate for which
// ImpersonateUser succeeds ends the search.
//
// Returns true on the first successful impersonation, false when no candidate
// worked. Unlike the overload that starts a new process, this path does not
// report a Win32 error on failure.
//
// Defender note: adopting a token taken from a SYSTEM-owned process is the
// behaviour catalogued as MITRE ATT&CK T1134 (Access Token Manipulation).
// What ImpersonateUser does with the token is not visible here; confirm
// against its implementation.
////////////////////////////////////////////////////////////////////////////////
public bool GetSystem()
{
    var localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
    var systemAccount = (NTAccount)localSystemSid.Translate(typeof(NTAccount));
    string systemName = systemAccount.ToString();

    Console.WriteLine("[*] Searching for {0}", systemName);
    processes = UserSessions.EnumerateUserProcesses(false, systemName);

    foreach (uint pid in processes.Keys)
    {
        // Skip any process whose token cannot be opened.
        if (!OpenProcessToken((int)pid))
        {
            continue;
        }

        Console.WriteLine(" [+] Opened {0}", pid);
        SetWorkingTokenToRemote();

        if (ImpersonateUser())
        {
            return true;
        }
    }

    return false;
}
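/// <summary>
/// Rebuilds <c>listTSUser</c> from the sessions on the hard-coded terminal
/// servers TS1..TS7, then fills in each user's client IP address by matching
/// the session's client name against <c>listPcIPAndPcName</c>.
/// </summary>
/// <remarks>
/// Sessions without a user account are skipped. Additions to
/// <c>listTSUser</c> go through <c>Dispatcher.Invoke</c>. Any exception stops
/// the whole refresh, including the hosts not yet queried, and its message is
/// shown in the status bar.
/// </remarks>
private void LoadTSUsers()
{
    try
    {
        listTSUser.Clear();
        TerminalServicesManager tsManager = new TerminalServicesManager();
        string[] massHosts = new string[] { "TS1", "TS2", "TS3", "TS4", "TS5", "TS6", "TS7" };

        foreach (var host in massHosts)
        {
            using (ITerminalServer server = tsManager.GetRemoteServer(host))
            {
                server.Open();
                foreach (ITerminalServicesSession session in server.GetSessions())
                {
                    NTAccount account = session.UserAccount;
                    if (account == null)
                    {
                        // No user attached to this session.
                        continue;
                    }

                    TSUser user = new TSUser()
                    {
                        DomainName = session.DomainName,
                        PCName = session.ClientName,
                        TSName = host,
                        UserName = session.UserName,
                        ConnectionState = session.ConnectionState.ToString(),
                        WindowStationName = session.WindowStationName,
                        UserAccount = account.ToString(),
                    };
                    Dispatcher.Invoke((Action)(() => { listTSUser.Add(user); }));
                }
            }
        }

        foreach (var user in listTSUser)
        {
            string clientName = user.PCName;
            if (clientName == null)
            {
                // A session with no client name used to throw a
                // NullReferenceException here, which aborted IP resolution
                // for every remaining user. Leave the address unset instead.
                continue;
            }

            // Host names are identifiers, not linguistic text: compare them
            // ordinally and case-insensitively rather than via culture-sensitive
            // ToLower(). string.Equals also tolerates a null PcName.
            user.ClientIPAddress = (from i in listPcIPAndPcName
                                    where string.Equals(i.PcName, clientName, StringComparison.OrdinalIgnoreCase)
                                    select i.PcIP).FirstOrDefault();
        }
    }
    catch (Exception ex)
    {
        Bindings.StatusBarText = ex.Message;
    }
}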
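/// <summary>
/// Adds an allow rule granting FullControl to the well-known Everyone (World)
/// SID on a key under HKEY_LOCAL_MACHINE, inherited by sub-keys and values.
/// </summary>
/// <remarks>
/// Best effort: a missing key, a security exception or an access-denied
/// failure is traced and otherwise ignored, so the caller cannot tell whether
/// the rule was applied.
/// </remarks>
/// <param name="key">Sub-key path relative to HKEY_LOCAL_MACHINE.</param>
protected void GrantAllAccessPermission(String key)
{
    // SECURITY(review): FullControl for Everyone on an HKLM key lets any local
    // account, including unprivileged ones, rewrite the key's values and its
    // permissions. If anything running elevated reads this key, that is a
    // local privilege-escalation path. Prefer granting only the rights the
    // application needs (for example RegistryRights.ReadKey or SetValue) to
    // the narrowest group that needs them.
    try
    {
        SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);

        // OpenSubKey(key) alone returns a read-only handle, on which
        // SetAccessControl throws UnauthorizedAccessException; the previous code
        // swallowed that, so the method silently did nothing. Request exactly
        // the rights needed to read and rewrite the DACL.
        using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(
            key,
            RegistryKeyPermissionCheck.ReadWriteSubTree,
            RegistryRights.ReadPermissions | RegistryRights.ChangePermissions))
        {
            if (rk == null)
            {
                // The key does not exist; previously this was a NullReferenceException.
                System.Diagnostics.Trace.TraceWarning(
                    "GrantAllAccessPermission: key not found: {0}", key);
                return;
            }

            // Start from the key's current ACL so existing explicit entries are
            // kept; a freshly constructed RegistrySecurity would replace them.
            RegistrySecurity rs = rk.GetAccessControl(AccessControlSections.Access);

            // Passing the SID itself avoids the SID-to-name translation, which
            // can fail and whose result is locale-dependent.
            RegistryAccessRule rar = new RegistryAccessRule(
                everyone,
                RegistryRights.FullControl,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None,
                AccessControlType.Allow);

            rs.AddAccessRule(rar);
            rk.SetAccessControl(rs);
        }
    }
    catch (System.Security.SecurityException ex)
    {
        // Still best effort, but no longer silent.
        System.Diagnostics.Trace.TraceWarning(
            "GrantAllAccessPermission: security exception on {0}: {1}", key, ex.Message);
    }
    catch (UnauthorizedAccessException ex)
    {
        System.Diagnostics.Trace.TraceWarning(
            "GrantAllAccessPermission: access denied on {0}: {1}", key, ex.Message);
    }
}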
// Returns the SPUserInfo for a directory entry, building and caching it in
// `processed` (keyed by distinguished name) the first time the entry is seen.
//
// Name comes from "displayName", falling back to "name" when that is empty;
// Email comes from "mail"; LoginName is the NTAccount that the entry's
// objectSid translates to.
//
// NOTE(review): indexing objectSid at [0] assumes the attribute was returned
// for this entry, and SecurityIdentifier.Translate throws
// IdentityNotMappedException when the SID cannot be resolved to an account.
// Neither case is handled here, so one such entry stops the caller.
SPUserInfo ProcessUser(SearchResult result, string distinguishedName)
{
    SPUserInfo cached;
    if (processed.TryGetValue(distinguishedName, out cached))
    {
        return cached;
    }

    SPUserInfo entry = new SPUserInfo();

    string shownName = ResultValue(result, "displayName");
    entry.Name = string.IsNullOrEmpty(shownName) ? ResultValue(result, "name") : shownName;
    entry.Email = ResultValue(result, "mail");

    // objectSid arrives in binary form; offset 0 is the start of the SID.
    byte[] rawSid = (byte[])result.Properties["objectSid"][0];
    var account = (NTAccount)new SecurityIdentifier(rawSid, 0).Translate(typeof(NTAccount));
    entry.LoginName = account.ToString();

    processed.Add(distinguishedName, entry);
    return entry;
}