예제 #1
0
    public static void Execute(string[] args)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            if (File.Exists(filesrc))
            {
                ReadFile(filesrc);
            }
        }
        else
        {
            try
            {
                //Login
                IntPtr hToken          = IntPtr.Zero;
                IntPtr hTokenDuplicate = IntPtr.Zero;

                if (Natives.LogonUser(username, domain, password, Natives.LOGON32_LOGON_NEW_CREDENTIALS, Natives.LOGON32_PROVIDER_DEFAULT, ref hToken))
                {
                    Natives.SECURITY_ATTRIBUTES secAttribs = new Natives.SECURITY_ATTRIBUTES();

                    if (Natives.DuplicateTokenEx(hToken, 0xf01ff, ref secAttribs, 2, 1, ref hTokenDuplicate))
                    {
                        if (!Natives.ImpersonateLoggedOnUser(hTokenDuplicate))
                        {
                            return;
                        }

                        try
                        {
                            if (File.Exists(filesrc))
                            {
                                ReadFile(filesrc);
                            }
                        }
                        catch (Exception)
                        {
                        }

                        Natives.RevertToSelf();
                    }
                }

                if (hToken != IntPtr.Zero)
                {
                    Natives.CloseHandle(hToken);
                }
                if (hTokenDuplicate != IntPtr.Zero)
                {
                    Natives.CloseHandle(hTokenDuplicate);
                }
            }
            catch (Exception)
            {
                return;
            }
        }
    }
예제 #2
0
    public static void Execute(string[] args)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            CopyFile();
        }
        else
        {
            try
            {
                //Login
                IntPtr hToken          = IntPtr.Zero;
                IntPtr hTokenDuplicate = IntPtr.Zero;

                if (Natives.LogonUser(username, domain, password, Natives.LOGON32_LOGON_NEW_CREDENTIALS, Natives.LOGON32_PROVIDER_DEFAULT, ref hToken))
                {
                    Console.WriteLine("[*] Login successfully");

                    Natives.SECURITY_ATTRIBUTES secAttribs = new Natives.SECURITY_ATTRIBUTES();

                    if (Natives.DuplicateTokenEx(hToken, 0xf01ff, ref secAttribs, 2, 1, ref hTokenDuplicate))
                    {
                        if (!Natives.ImpersonateLoggedOnUser(hTokenDuplicate))
                        {
                            throw new SystemException("[x] Failed to impersonate context");
                        }

                        try
                        {
                            CopyFile();
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine("[x] Something went wrong!!" + e.Message);
                            Console.WriteLine("[x] " + e.StackTrace);
                        }

                        Natives.RevertToSelf();
                    }
                    else
                    {
                        Console.WriteLine("[x] Faliled duplicate Token");
                    }
                }
                else
                {
                    Console.WriteLine("[x] Logon Faliled {0} - {1} - {2}", username, domain, password);
                }

                if (hToken != IntPtr.Zero)
                {
                    Natives.CloseHandle(hToken);
                }
                if (hTokenDuplicate != IntPtr.Zero)
                {
                    Natives.CloseHandle(hTokenDuplicate);
                }
            }
            catch (Exception)
            {
                Console.WriteLine("[x] Error writing file");
                return;
            }
        }
    }