public static extern Boolean AdjustTokenPrivileges( IntPtr TokenHandle, Boolean DisableAllPrivileges, ref Winnt._TOKEN_PRIVILEGES NewState, UInt32 BufferLengthInBytes, ref Winnt._TOKEN_PRIVILEGES PreviousState, out UInt32 ReturnLengthInBytes );
public static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, bool DisableAllPrivileges, ref Winnt._TOKEN_PRIVILEGES NewState, uint BufferLengthInBytes, ref Winnt._TOKEN_PRIVILEGES PreviousState, out uint ReturnLengthInBytes );
//////////////////////////////////////////////////////////////////////////////// // Sets a Token to have a specified privilege // http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/ // https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege //////////////////////////////////////////////////////////////////////////////// public static void NukeTokenPrivilege(ref IntPtr hToken) { Winnt._TOKEN_PRIVILEGES newState = new Winnt._TOKEN_PRIVILEGES(); Winnt._TOKEN_PRIVILEGES previousState = new Winnt._TOKEN_PRIVILEGES(); Console.WriteLine(" [*] AdjustTokenPrivilege"); if (!advapi32.AdjustTokenPrivileges(hToken, true, ref newState, (UInt32)Marshal.SizeOf(typeof(Winnt._TOKEN_PRIVILEGES)), ref previousState, out UInt32 returnLength)) { GetWin32Error("AdjustTokenPrivileges"); } return; }
//////////////////////////////////////////////////////////////////////////////// // Sets a Token to have a specified privilege // http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/ // https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege //////////////////////////////////////////////////////////////////////////////// public static void SetTokenPrivilege(ref IntPtr hToken, String privilege, Winnt.TokenPrivileges attribute) { if (!validPrivileges.Contains(privilege)) { Console.WriteLine("[-] Invalid Privilege Specified"); return; } Console.WriteLine("[*] Adjusting Token Privilege"); //////////////////////////////////////////////////////////////////////////////// Winnt._LUID luid = new Winnt._LUID(); if (!advapi32.LookupPrivilegeValue(null, privilege, ref luid)) { GetWin32Error("LookupPrivilegeValue"); return; } Console.WriteLine(" [+] Recieved luid"); //////////////////////////////////////////////////////////////////////////////// Winnt._LUID_AND_ATTRIBUTES luidAndAttributes = new Winnt._LUID_AND_ATTRIBUTES { Luid = luid, Attributes = (uint)attribute }; Winnt._TOKEN_PRIVILEGES newState = new Winnt._TOKEN_PRIVILEGES { PrivilegeCount = 1, Privileges = luidAndAttributes }; Winnt._TOKEN_PRIVILEGES previousState = new Winnt._TOKEN_PRIVILEGES(); Console.WriteLine(" [*] AdjustTokenPrivilege"); UInt32 returnLength = 0; if (!advapi32.AdjustTokenPrivileges(hToken, false, ref newState, (UInt32)Marshal.SizeOf(newState), ref previousState, out returnLength)) { GetWin32Error("AdjustTokenPrivileges"); return; } Console.WriteLine(" [+] Adjusted Privilege: {0}", privilege); Console.WriteLine(" [+] Privilege State: {0}", attribute); return; }
//////////////////////////////////////////////////////////////////////////////// // Sets a Token to have a specified privilege // http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/ // https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege //////////////////////////////////////////////////////////////////////////////// public bool SetTokenPrivilege(string privilege, Winnt.TokenPrivileges attribute) { Console.WriteLine("[*] Adjusting Token Privilege {0} => {1}", privilege, attribute); //////////////////////////////////////////////////////////////////////////////// Winnt._LUID luid = new Winnt._LUID(); if (!advapi32.LookupPrivilegeValue(null, privilege, ref luid)) { Misc.GetWin32Error("LookupPrivilegeValue"); return(false); } Console.WriteLine(" [+] Recieved luid"); //////////////////////////////////////////////////////////////////////////////// Winnt._LUID_AND_ATTRIBUTES luidAndAttributes = new Winnt._LUID_AND_ATTRIBUTES { Luid = luid, Attributes = (uint)attribute }; Winnt._TOKEN_PRIVILEGES newState = new Winnt._TOKEN_PRIVILEGES { PrivilegeCount = 1, Privileges = luidAndAttributes }; Winnt._TOKEN_PRIVILEGES previousState = new Winnt._TOKEN_PRIVILEGES(); Console.WriteLine(" [*] AdjustTokenPrivilege"); uint returnLength; if (!advapi32.AdjustTokenPrivileges(hWorkingToken, false, ref newState, (uint)Marshal.SizeOf(newState), ref previousState, out returnLength)) { Misc.GetWin32Error("AdjustTokenPrivileges"); return(false); } Console.WriteLine(" [+] Adjusted Privilege: {0}", privilege); Console.WriteLine(" [+] Privilege State: {0}", attribute); return(true); }