private NtToken GetTicketToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LsaLogonTicket(LogonType, Ticket, KerbCred)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetLogonToken(TokenAccessRights desired_access) { using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetS4UToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LogonS4U(User, Domain, LogonType)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetS4UToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LsaLogonS4U(User, Domain, LogonType, AuthenticationPackage.NEGOSSP_NAME)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetSandboxedToken(TokenAccessRights desired_access, Func <NtToken, NtToken> sandbox_func) { using (NtToken token = Token != null ? Token.Duplicate() : NtToken.OpenProcessToken()) { using (NtToken sandbox_token = sandbox_func(token)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } } }
/// <summary> /// Get a safer token. /// </summary> /// <param name="token">The base token.</param> /// <param name="level">The safer level to use.</param> /// <param name="make_inert">True to make the token inert.</param> /// <returns>The safer token.</returns> public static NtToken GetTokenFromSaferLevel(NtToken token, SaferLevel level, bool make_inert) { IntPtr level_handle; if (!Win32NativeMethods.SaferCreateLevel(SaferScope.User, level, Win32NativeMethods.SAFER_LEVEL_OPEN, out level_handle, IntPtr.Zero)) { throw new SafeWin32Exception(); } try { using (NtToken duptoken = token.Duplicate(TokenAccessRights.GenericRead | TokenAccessRights.GenericExecute)) { SafeKernelObjectHandle handle; if (Win32NativeMethods.SaferComputeTokenFromLevel(level_handle, duptoken.Handle, out handle, make_inert ? SaferFlags.MakeInert : 0, IntPtr.Zero)) { return(NtToken.FromHandle(handle)); } else { throw new SafeWin32Exception(); } } } finally { Win32NativeMethods.SaferCloseLevel(level_handle); } }
/// <summary> /// Overridden ProcessRecord method. /// </summary> protected override void ProcessRecord() { NtToken token = null; if (Duplicate) { using (NtToken base_token = GetToken(TokenAccessRights.Duplicate)) { if (base_token != null) { token = base_token.DuplicateToken(TokenType, ImpersonationLevel, Access); if (IntegrityLevel.HasValue) { using (NtToken set_token = token.Duplicate(TokenAccessRights.AdjustDefault)) { set_token.SetIntegrityLevel(IntegrityLevel.Value); } } } } } else { token = GetToken(Access); } WriteObject(token); }
public static void OpenForm(NtToken token, string text, bool copy) { if (token != null) { OpenForm(new TokenForm(copy ? token.Duplicate() : token, text)); } }
public ProcessTokenEntry(int process_id, string name, string image_path, string command_line, NtToken process_token) { ProcessId = process_id; Name = name; ImagePath = image_path; CommandLine = command_line; ProcessToken = process_token.Duplicate(); }
public ThreadTokenEntry(NtProcess process, NtToken process_token, int thread_id, string thread_name, NtToken thread_token) : base(process, process_token) { ThreadName = thread_name; ThreadId = thread_id; ThreadToken = thread_token.Duplicate(); }
private NtToken GetLogonToken(TokenAccessRights desired_access) { IEnumerable <UserGroup> groups = null; if (AdditionalGroups != null && AdditionalGroups.Length > 0) { groups = AdditionalGroups.Select(s => new UserGroup(s, GroupAttributes.Enabled | GroupAttributes.EnabledByDefault | GroupAttributes.Mandatory)); } using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType, groups)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
public ProcessTokenEntry(int process_id, string name, string image_path, string command_line, NtToken process_token, SecurityDescriptor process_security) { ProcessId = process_id; Name = name; ImagePath = image_path; CommandLine = command_line; ProcessToken = process_token.Duplicate(); ProcessSecurity = process_security; }
private NtToken GetLogonToken(TokenAccessRights desired_access, string user, string domain, SecureString password, SecurityLogonType logon_type) { IEnumerable <UserGroup> groups = null; if (AdditionalGroup != null && AdditionalGroup.Length > 0) { groups = AdditionalGroup.Select(s => new UserGroup(s, GetAttributes(s))); } using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
public ThreadTokenEntry(NtProcess process, NtToken process_token, int thread_id, string thread_name, NtToken thread_token, SecurityDescriptor thread_security) : base(process, process_token) { ThreadName = thread_name; ThreadId = thread_id; ThreadToken = thread_token.Duplicate(); ThreadSecurity = thread_security; }
static Form GetFormFromArgs(string[] args) { try { int pid = -1; int handle = -1; string text = string.Empty; bool show_help = false; OptionSet opts = new OptionSet() { { "p|pid=", "Specify a process ID to view the token.", v => pid = int.Parse(v) }, { "handle=", "Specify an inherited handle to view.", v => handle = int.Parse(v) }, { "text=", "Specify a text string for the token window.", v => text = v }, { "h|help", "Show this message and exit", v => show_help = v != null }, }; opts.Parse(args); if (show_help || (handle <= 0 && pid <= 0)) { ShowHelp(opts); } else if (handle > 0) { using (NtToken token = NtToken.FromHandle(new SafeKernelObjectHandle(new IntPtr(handle), true))) { if (token.NtType != NtType.GetTypeByType <NtToken>()) { throw new ArgumentException("Passed handle is not a token"); } return(new TokenForm(token.Duplicate(), text)); } } else if (pid > 0) { using (NtProcess process = NtProcess.Open(pid, ProcessAccessRights.QueryLimitedInformation)) { return(new TokenForm(process.OpenToken(), $"{process.Name}:{pid}")); } } } catch (Exception ex) { MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } return(null); }
private void btnPermissions_Click(object sender, EventArgs e) { try { NativeBridge.EditSecurity(Handle, _token.Duplicate(TokenAccessRights.ReadControl), "Token"); } catch (NtException ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private ListViewItem CreateProcessNode(NtProcess entry, NtToken token) { ListViewItem item = new ListViewItem(entry.ProcessId.ToString()); item.SubItems.Add(entry.Name); item.SubItems.Add(token.User.ToString()); item.SubItems.Add(token.IntegrityLevel.ToString()); item.SubItems.Add(token.Restricted.ToString()); item.SubItems.Add(token.AppContainer.ToString()); item.Tag = token.Duplicate(); return(item); }
private static NtToken DuplicateToken(NtToken token) { if (token.TokenType == TokenType.Primary) { return(token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Impersonation, TokenAccessRights.Query | TokenAccessRights.Impersonate | TokenAccessRights.Duplicate)); } else { return(token.Duplicate(TokenAccessRights.Query | TokenAccessRights.Impersonate | TokenAccessRights.Duplicate)); } }
public static void OpenForm(NtToken token, string text, bool copy) { if (token != null) { TokenForm form = new TokenForm(copy ? token.Duplicate() : token, text); _forms.Add(form); form.FormClosed += form_FormClosed; form.Show(_main_form); } }
private void btnRefreshHandles_Click(object sender, EventArgs e) { ClearList(listViewHandles); int current_pid = Process.GetCurrentProcess().Id; NtToken.EnableDebugPrivilege(); List <ListViewItem> items = new List <ListViewItem>(); foreach (var group in NtSystemInfo.GetHandles() .Where(h => h.ProcessId != current_pid && h.ObjectType.Equals("token", StringComparison.OrdinalIgnoreCase)) .GroupBy(h => h.ProcessId)) { using (var proc = NtProcess.Open(group.Key, ProcessAccessRights.DupHandle | ProcessAccessRights.QueryLimitedInformation, false)) { if (!proc.IsSuccess) { continue; } foreach (NtHandle handle in group) { using (var token_result = NtToken.DuplicateFrom(proc.Result, new IntPtr(handle.Handle), TokenAccessRights.Query | TokenAccessRights.QuerySource, DuplicateObjectOptions.None, false)) { if (!token_result.IsSuccess) { continue; } NtToken token = token_result.Result; ListViewItem item = new ListViewItem(handle.ProcessId.ToString()); item.SubItems.Add(proc.Result.Name); item.SubItems.Add($"0x{handle.Handle:X}"); item.SubItems.Add(token.User.ToString()); item.SubItems.Add(token.IntegrityLevel.ToString()); string restricted = token.Restricted.ToString(); if (token.WriteRestricted) { restricted = "Write"; } item.SubItems.Add(restricted); item.SubItems.Add(token.AppContainer.ToString()); item.SubItems.Add(token.TokenType.ToString()); item.SubItems.Add(token.ImpersonationLevel.ToString()); item.Tag = token.Duplicate(); items.Add(item); } } } } listViewHandles.Items.AddRange(items.ToArray()); ResizeColumns(listViewHandles); }
private bool ShowTokenPermissions(TokenAccessRights access, bool throw_on_error) { using (var result = _token.Duplicate(access, AttributeFlags.None, DuplicateObjectOptions.None, throw_on_error)) { if (result.IsSuccess) { Win32Utils.EditSecurity(Handle, result.Result, "Token", false); return(true); } } return(false); }
private void btnRefreshHandles_Click(object sender, EventArgs e) { ClearList(listViewHandles); int current_pid = Process.GetCurrentProcess().Id; NtToken.EnableDebugPrivilege(); List <ListViewItem> items = new List <ListViewItem>(); foreach (var group in NtSystemInfo.GetHandles() .Where(h => h.ProcessId != current_pid && h.ObjectType.Equals("token", StringComparison.OrdinalIgnoreCase)) .GroupBy(h => h.ProcessId)) { try { using (NtProcess proc = NtProcess.Open(group.Key, ProcessAccessRights.DupHandle | ProcessAccessRights.QueryLimitedInformation)) { foreach (NtHandle handle in group) { try { using (NtToken token = NtToken.DuplicateFrom(proc, new IntPtr(handle.Handle), TokenAccessRights.Query | TokenAccessRights.QuerySource)) { ListViewItem item = new ListViewItem(handle.ProcessId.ToString()); item.SubItems.Add(proc.Name); item.SubItems.Add(String.Format("0x{0:X}", handle.Handle)); item.SubItems.Add(token.User.ToString()); item.SubItems.Add(token.IntegrityLevel.ToString()); item.SubItems.Add(token.Restricted.ToString()); item.SubItems.Add(token.AppContainer.ToString()); item.SubItems.Add(token.TokenType.ToString()); item.SubItems.Add(token.ImpersonationLevel.ToString()); item.Tag = token.Duplicate(); items.Add(item); } } catch (NtException) { } } } } catch (NtException) { } } listViewHandles.Items.AddRange(items.ToArray()); ResizeColumns(listViewHandles); }
private static NtToken DuplicateForAccessCheck(NtToken token) { if (token.IsPseudoToken) { // This is a pseudo token, pass along as no need to duplicate. return(token); } if (token.TokenType == TokenType.Primary) { return(token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Identification, TokenAccessRights.Query)); } else if (!token.IsAccessGranted(TokenAccessRights.Query)) { return(token.Duplicate(TokenAccessRights.Query)); } else { // If we've got query access rights already just create a shallow clone. return(token.ShallowClone()); } }
private NtToken CreateToken() { SandboxTokenType type = GetSelectedTokenType(); NtToken current_token = _token.Duplicate(); if ((type & SandboxTokenType.RestrictedOnly) != 0) { using (NtToken tmp_token = current_token) { current_token = CreateRestrictedToken(tmp_token); } } if ((type & SandboxTokenType.LowBoxOnly) != 0) { using (NtToken tmp_token = current_token) { current_token = CreateLowBoxToken(tmp_token); } } return(current_token); }
public ServiceTokenEntry(RunningService service, NtToken token) { Service = service; ProcessToken = token.Duplicate(); }
public static NtToken GetTokenFromSaferLevel(NtToken token, SaferLevel level, bool make_inert) { IntPtr level_handle; if (!SaferCreateLevel(SaferScope.User, level, SAFER_LEVEL_OPEN, out level_handle, IntPtr.Zero)) { throw new SafeWin32Exception(); } try { using (NtToken duptoken = token.Duplicate(TokenAccessRights.GenericRead | TokenAccessRights.GenericExecute)) { SafeKernelObjectHandle handle; if (SaferComputeTokenFromLevel(level_handle, duptoken.Handle, out handle, make_inert ? SaferFlags.MakeInert : 0, IntPtr.Zero)) { return NtToken.FromHandle(handle); } else { throw new SafeWin32Exception(); } } } finally { SaferCloseLevel(level_handle); } }
public static void OpenForm(NtToken token, bool copy) { if (token != null) { TokenForm form = new TokenForm(copy ? token.Duplicate() : token); _forms.Add(form); form.FormClosed += form_FormClosed; form.Show(_main_form); } }