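////////////////////////////////////////////////////////////////////////////////
// Wrapper for CreateProcessWithTokenW
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Calls advapi32!CreateProcessWithTokenW to start <paramref name="name"/> with
/// <paramref name="arguments"/> under the token <paramref name="phNewToken"/>.
/// Progress and the Win32 error on failure are written to the console.
/// </summary>
/// <param name="phNewToken">Token handle passed through unchanged as hToken.</param>
/// <param name="name">Application name, marshalled as lpApplicationName.</param>
/// <param name="arguments">Command line, marshalled as lpCommandLine.</param>
/// <returns>true if the API call succeeded, false otherwise.</returns>
public static Boolean CreateProcessWithTokenW(IntPtr phNewToken, String name, String arguments)
{
    Console.WriteLine("[*] CreateProcessWithTokenW");

    // Both strings are copied to unmanaged memory for the native call.
    // lpCommandLine is built from `arguments` (the earlier version marshalled
    // `name` a second time here, so the arguments never reached the API).
    IntPtr lpProcessName = Marshal.StringToHGlobalUni(name);
    IntPtr lpProcessArgs = Marshal.StringToHGlobalUni(arguments);
    try
    {
        Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
        // cb must carry the structure size or the API rejects the STARTUPINFO.
        startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
        Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

        if (!advapi32.CreateProcessWithTokenW(
            phNewToken,
            Enums.LOGON_FLAGS.NetCredentialsOnly,
            lpProcessName,
            lpProcessArgs,
            Enums.CREATION_FLAGS.NONE,
            IntPtr.Zero,
            IntPtr.Zero,
            ref startupInfo,
            out processInformation))
        {
            // GetLastWin32Error is read before the finally block frees anything.
            Console.WriteLine(" [-] Function CreateProcessWithTokenW failed: " + Marshal.GetLastWin32Error());
            return false;
        }

        Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
        Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
        // NOTE(review): the process and thread handles the API returns in
        // PROCESS_INFORMATION are not closed here and the caller cannot reach
        // them, so they remain open until this process exits.
        return true;
    }
    finally
    {
        // StringToHGlobalUni allocates unmanaged memory the GC never reclaims;
        // FreeHGlobal(IntPtr.Zero) is a no-op, so a null input is safe here.
        Marshal.FreeHGlobal(lpProcessName);
        Marshal.FreeHGlobal(lpProcessArgs);
    }
}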
////////////////////////////////////////////////////////////////////////////////
// Wrapper for ProcessWithLogonW
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Calls advapi32!CreateProcessWithLogonW to start <paramref name="name"/> with
/// <paramref name="arguments"/>, writing progress and any Win32 error to the console.
/// </summary>
/// <param name="phNewToken">Accepted for signature parity with CreateProcessWithTokenW; not used by this path.</param>
/// <param name="name">Application name handed to the API as applicationName.</param>
/// <param name="arguments">Command line handed to the API as commandLine.</param>
/// <returns>true if the API call succeeded, false otherwise.</returns>
public static Boolean CreateProcessWithLogonW(IntPtr phNewToken, String name, String arguments)
{
    Console.WriteLine("[*] CreateProcessWithLogonW");

    // cb must carry the structure size or the API rejects the STARTUPINFO.
    var startupInfo = new Structs._STARTUPINFO
    {
        cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO))
    };
    Structs._PROCESS_INFORMATION processInformation;

    // Flag values are the raw Win32 constants: 0x00000002 is LOGON_NETCREDENTIALS_ONLY
    // (the "i"/"j"/"k" placeholders are only presented for network access under that
    // flag, per the API docs) and 0x04000000 is CREATE_DEFAULT_ERROR_MODE.
    var created = advapi32.CreateProcessWithLogonW(
        "i",
        "j",
        "k",
        0x00000002,
        name,
        arguments,
        0x04000000,
        IntPtr.Zero,
        Environment.SystemDirectory,
        ref startupInfo,
        out processInformation);

    if (!created)
    {
        Console.WriteLine(" [-] Function CreateProcessWithLogonW failed: " + Marshal.GetLastWin32Error());
        return false;
    }

    Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
    Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
    return true;
}
// P/Invoke for advapi32!CreateProcessWithTokenW.
// NOTE(review): the [DllImport] attribute is not visible on this page. The
// wrappers read Marshal.GetLastWin32Error() after a false return, which is only
// meaningful when the attribute sets SetLastError = true — confirm.
// lpApplicationName / lpCommandLine are raw pointers, so callers own the
// unmanaged buffers they pass and must free them afterwards.
public static extern Boolean CreateProcessWithTokenW(
    IntPtr hToken,                                   // token the new process runs under
    Enums.LOGON_FLAGS dwLogonFlags,
    IntPtr lpApplicationName,                        // LPCWSTR, caller-managed
    IntPtr lpCommandLine,                            // LPWSTR, caller-managed
    Enums.CREATION_FLAGS dwCreationFlags,
    IntPtr lpEnvironment,                            // IntPtr.Zero = inherit caller's environment
    IntPtr lpCurrentDirectory,                       // IntPtr.Zero = inherit caller's directory
    ref Structs._STARTUPINFO lpStartupInfo,          // cb must be set by the caller
    out Structs._PROCESS_INFORMATION lpProcessInfo   // returned handles are the caller's to close
);
// P/Invoke for advapi32!CreateProcessWithLogonW.
// NOTE(review): the [DllImport] attribute is not visible on this page; callers
// rely on Marshal.GetLastWin32Error(), so it should set SetLastError = true — confirm.
// Unlike the CreateProcessWithTokenW declaration, logonFlags and creationFlags are
// raw ints rather than Enums.LOGON_FLAGS / Enums.CREATION_FLAGS; left as-is because
// the existing wrappers pass hex literals.
// NOTE(review): `password` is a managed String and cannot be zeroed after the call;
// the native parameter is LPCWSTR, so a pinned/secure buffer would be the safer
// marshalling shape if real credentials are ever passed here.
public static extern bool CreateProcessWithLogonW(
    String userName,
    String domain,
    String password,
    int logonFlags,                                      // LOGON_* constants
    String applicationName,
    String commandLine,
    int creationFlags,                                   // CREATE_* constants
    IntPtr environment,                                  // IntPtr.Zero = inherit
    String currentDirectory,
    ref Structs._STARTUPINFO startupInfo,                // cb must be set by the caller
    out Structs._PROCESS_INFORMATION processInformation  // returned handles are the caller's to close
);
// P/Invoke for advapi32!CreateProcessAsUserW. No wrapper on this page calls it.
// NOTE(review): the [DllImport] attribute is not visible here; if a wrapper is
// added that reads Marshal.GetLastWin32Error(), the attribute needs SetLastError = true.
// String parameters are raw pointers, so callers own and free the unmanaged buffers.
public static extern Boolean CreateProcessAsUserW(
    IntPtr hToken,                                   // token the new process runs under
    IntPtr lpApplicationName,                        // LPCWSTR, caller-managed
    IntPtr lpCommandLine,                            // LPWSTR, caller-managed
    IntPtr lpProcessAttributes,                      // IntPtr.Zero = default security descriptor
    IntPtr lpThreadAttributes,                       // IntPtr.Zero = default security descriptor
    Boolean bInheritHandles,                         // marshalled as a 4-byte Win32 BOOL by default
    Enums.CREATION_FLAGS dwCreationFlags,
    IntPtr lpEnvironment,                            // IntPtr.Zero = inherit
    IntPtr lpCurrentDirectory,                       // IntPtr.Zero = inherit
    ref Structs._STARTUPINFO lpStartupInfo,          // cb must be set by the caller
    out Structs._PROCESS_INFORMATION lpProcessInfo   // returned handles are the caller's to close
);
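////////////////////////////////////////////////////////////////////////////////
// Wrapper for CreateProcessWithTokenW
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Resolves <paramref name="name"/> to an existing file, then calls
/// advapi32!CreateProcessWithTokenW to start it with <paramref name="arguments"/>
/// under the token <paramref name="phNewToken"/>. Progress and the Win32 error
/// on failure are written to the console.
/// </summary>
/// <param name="phNewToken">Token handle passed through unchanged as hToken.</param>
/// <param name="name">Path (contains a backslash) or bare file name looked up via FindFilePath.</param>
/// <param name="arguments">Command line, marshalled as lpCommandLine.</param>
/// <returns>true if the file was found and the API call succeeded, false otherwise.</returns>
public static Boolean CreateProcessWithTokenW(IntPtr phNewToken, String name, String arguments)
{
    // A backslash marks `name` as a path: normalise it and require it to exist.
    // Anything else goes through FindFilePath (defined elsewhere in this file).
    if (name.Contains("\\"))
    {
        name = System.IO.Path.GetFullPath(name);
        if (!System.IO.File.Exists(name))
        {
            Console.WriteLine("[-] File Not Found");
            return false;
        }
    }
    else
    {
        name = FindFilePath(name);
        // FindFilePath signals "not found" with String.Empty (the original
        // comparison); a null result is rejected the same way instead of being
        // marshalled as a null lpApplicationName.
        if (String.IsNullOrEmpty(name))
        {
            Console.WriteLine("[-] Unable to find file");
            return false;
        }
    }

    Console.WriteLine("[*] CreateProcessWithTokenW");

    // Both strings are copied to unmanaged memory for the native call.
    IntPtr lpProcessName = Marshal.StringToHGlobalUni(name);
    IntPtr lpProcessArgs = Marshal.StringToHGlobalUni(arguments);
    try
    {
        Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
        // cb must carry the structure size or the API rejects the STARTUPINFO.
        startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
        Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

        if (!advapi32.CreateProcessWithTokenW(
            phNewToken,
            Enums.LOGON_FLAGS.NetCredentialsOnly,
            lpProcessName,
            lpProcessArgs,
            Enums.CREATION_FLAGS.NONE,
            IntPtr.Zero,
            IntPtr.Zero,
            ref startupInfo,
            out processInformation))
        {
            // GetLastWin32Error is read before the finally block frees anything.
            Console.WriteLine(" [-] Function CreateProcessWithTokenW failed: " + Marshal.GetLastWin32Error());
            return false;
        }

        Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
        Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
        // NOTE(review): the process and thread handles the API returns in
        // PROCESS_INFORMATION are not closed here and the caller cannot reach
        // them, so they remain open until this process exits.
        return true;
    }
    finally
    {
        // StringToHGlobalUni allocates unmanaged memory the GC never reclaims;
        // FreeHGlobal(IntPtr.Zero) is a no-op, so a null `arguments` is safe here.
        Marshal.FreeHGlobal(lpProcessName);
        Marshal.FreeHGlobal(lpProcessArgs);
    }
}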
////////////////////////////////////////////////////////////////////////////////
// Wrapper for ProcessWithLogonW
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Resolves <paramref name="name"/> to an existing file, then calls
/// advapi32!CreateProcessWithLogonW to start it with <paramref name="arguments"/>.
/// Progress and any Win32 error are written to the console.
/// </summary>
/// <param name="phNewToken">Accepted for signature parity with CreateProcessWithTokenW; not used by this path.</param>
/// <param name="name">Path (contains a backslash) or bare file name looked up via FindFilePath.</param>
/// <param name="arguments">Command line handed to the API as commandLine.</param>
/// <returns>true if the file was found and the API call succeeded, false otherwise.</returns>
public static Boolean CreateProcessWithLogonW(IntPtr phNewToken, String name, String arguments)
{
    // A backslash marks `name` as a path; otherwise FindFilePath (defined
    // elsewhere in this file) is asked for it and String.Empty means "not found".
    String resolved;
    if (name.Contains("\\"))
    {
        resolved = System.IO.Path.GetFullPath(name);
        if (!System.IO.File.Exists(resolved))
        {
            Console.WriteLine("[-] File Not Found");
            return false;
        }
    }
    else
    {
        resolved = FindFilePath(name);
        if (resolved == String.Empty)
        {
            Console.WriteLine("[-] Unable to find file");
            return false;
        }
    }

    Console.WriteLine("[*] CreateProcessWithLogonW");

    // cb must carry the structure size or the API rejects the STARTUPINFO.
    var startupInfo = new Structs._STARTUPINFO
    {
        cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO))
    };
    Structs._PROCESS_INFORMATION processInformation;

    // Flag values are the raw Win32 constants: 0x00000002 is LOGON_NETCREDENTIALS_ONLY
    // (the "i"/"j"/"k" placeholders are only presented for network access under that
    // flag, per the API docs) and 0x04000000 is CREATE_DEFAULT_ERROR_MODE.
    var created = advapi32.CreateProcessWithLogonW(
        "i",
        "j",
        "k",
        0x00000002,
        resolved,
        arguments,
        0x04000000,
        IntPtr.Zero,
        Environment.SystemDirectory,
        ref startupInfo,
        out processInformation);

    if (!created)
    {
        Console.WriteLine(" [-] Function CreateProcessWithLogonW failed: " + Marshal.GetLastWin32Error());
        return false;
    }

    Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
    Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
    return true;
}