}//end of public Boolean ImpersonateAndExecute(Int32 processID, String command)

// Starts `command` as a new process running under the access token `userAccountHandle`
// (CreateProcessWithTokenW, LOGON_NETCREDENTIALS_ONLY, new console, default desktop).
// Returns true when the process was created (the PID is echoed to the console); returns
// false and prints the Win32 error code otherwise. Nothing is thrown from here.
// NOTE(review): from a detection standpoint this is a process launched under a token the
// caller did not log on with; process-creation telemetry (e.g. 4688 / Sysmon EID 1) and
// the NewCredentials-style logon produced by LOGON_NETCREDENTIALS_ONLY are the signals
// a defender would correlate — confirm against the logon-flag semantics in use.
private static Boolean ExecuteCommand(IntPtr userAccountHandle, String command)
{
    //general structs we need, would prefer to use NULL but .NET doesnt like it.
    Win32API.PROCESS_INFORMATION _ProcessInfo = new Win32API.PROCESS_INFORMATION();
    // NOTE(review): both SECURITY_ATTRIBUTES below are sized but never passed to anything
    // in this method (the call further down hands IntPtr.Zero / null instead), so they look
    // like leftovers from a CreateProcessAsUser-style call.
    Win32API.SECURITY_ATTRIBUTES _ProcesSecurityAttributes = new Win32API.SECURITY_ATTRIBUTES();
    Win32API.SECURITY_ATTRIBUTES _ThreadSecurityAttributes = new Win32API.SECURITY_ATTRIBUTES();
    _ProcesSecurityAttributes.nLength = Marshal.SizeOf(_ProcesSecurityAttributes);
    _ThreadSecurityAttributes.nLength = Marshal.SizeOf(_ThreadSecurityAttributes);
    Win32API.STARTUP_INFO _AppStartupInfo = new Win32API.STARTUP_INFO();
    // cb must hold the struct size or the API rejects the STARTUPINFO block.
    _AppStartupInfo.cb = Marshal.SizeOf(_AppStartupInfo);
    //todo: is there a better method of selecting the desktop
    _AppStartupInfo.lpDesktop = @"WinSta0\Default"; //we want the default (interactive) desktop
    _AppStartupInfo.dwFlags = Win32API.STARTF_USESHOWWINDOW | Win32API.STARTF_FORCEONFEEDBACK;
    _AppStartupInfo.wShowWindow = Win32API.SW_SHOW;
    //todo: load the user profile so i can access MyDocuments and other profile information

    //execute a new process with the token
    // Application name is null, so `command` is handed over as the full command line and is
    // parsed by the OS (first token = executable); no environment block or working directory
    // is supplied (IntPtr.Zero / null), so the new process inherits the caller's.
    if (Win32API.CreateProcessWithTokenW(userAccountHandle, Win32API.LOGON_FLAGS.LOGON_NETCREDENTIALS_ONLY, null, command, Win32API.CREATION_FLAGS.CREATE_NEW_CONSOLE, IntPtr.Zero, null, ref _AppStartupInfo, out _ProcessInfo))
    {
        // NOTE(review): the format string below is missing the closing quote after {1}
        // (output reads "...Process ID '1234"); left as-is here since it is runtime text.
        // NOTE(review): PROCESS_INFORMATION normally also carries hProcess/hThread; nothing
        // in this method closes them, so each successful call presumably leaks two handles
        // until the caller exits — confirm against the Win32API.PROCESS_INFORMATION layout.
        Console.WriteLine("[+] Successfully Executed Command '{0}' With Process ID '{1}", command, _ProcessInfo.dwProcessId);
        return(true);
    }
    // NOTE(review): Marshal.GetLastWin32Error() is only meaningful if the DllImport for
    // CreateProcessWithTokenW was declared with SetLastError = true — the declaration is
    // not visible here, so verify it or this prints a stale/zero error code.
    Console.WriteLine("## ERROR ## - Problem Executing Command!\nWin32 Error: '{0}'", Marshal.GetLastWin32Error());
    return(false);
}
// Starts `command` as a new process running under the access token `userAccountHandle`
// (CreateProcessWithTokenW, LOGON_NETCREDENTIALS_ONLY, new console, default desktop).
// Returns true when the process was created (the PID is echoed to the console); returns
// false and prints the Win32 error code otherwise. Nothing is thrown from here.
// NOTE(review): this appears to be a second copy of the ExecuteCommand definition that
// precedes it on this page (only the `return` spelling differs); a file cannot contain
// both, so this is presumably a listing artifact — confirm before relying on either.
private static Boolean ExecuteCommand(IntPtr userAccountHandle, String command)
{
    //general structs we need, would prefer to use NULL but .NET doesnt like it.
    Win32API.PROCESS_INFORMATION _ProcessInfo = new Win32API.PROCESS_INFORMATION();
    // NOTE(review): both SECURITY_ATTRIBUTES below are sized but never passed to anything
    // in this method (the call further down hands IntPtr.Zero / null instead); they look
    // like leftovers from a CreateProcessAsUser-style call.
    Win32API.SECURITY_ATTRIBUTES _ProcesSecurityAttributes = new Win32API.SECURITY_ATTRIBUTES();
    Win32API.SECURITY_ATTRIBUTES _ThreadSecurityAttributes = new Win32API.SECURITY_ATTRIBUTES();
    _ProcesSecurityAttributes.nLength = Marshal.SizeOf(_ProcesSecurityAttributes);
    _ThreadSecurityAttributes.nLength = Marshal.SizeOf(_ThreadSecurityAttributes);
    Win32API.STARTUP_INFO _AppStartupInfo = new Win32API.STARTUP_INFO();
    // cb must hold the struct size or the API rejects the STARTUPINFO block.
    _AppStartupInfo.cb = Marshal.SizeOf(_AppStartupInfo);
    //todo: is there a better method of selecting the desktop
    _AppStartupInfo.lpDesktop = @"WinSta0\Default"; //we want the default (interactive) desktop
    _AppStartupInfo.dwFlags = Win32API.STARTF_USESHOWWINDOW | Win32API.STARTF_FORCEONFEEDBACK;
    _AppStartupInfo.wShowWindow = Win32API.SW_SHOW;
    //todo: load the user profile so i can access MyDocuments and other profile information

    //execute a new process with the token
    // Application name is null, so `command` is handed over as the full command line and is
    // parsed by the OS (first token = executable); no environment block or working directory
    // is supplied (IntPtr.Zero / null), so the new process inherits the caller's.
    // From a monitoring standpoint the resulting process runs under a token the caller did
    // not log on with; process-creation events and the NewCredentials-style logon produced
    // by LOGON_NETCREDENTIALS_ONLY are the signals to correlate — confirm the flag semantics.
    if (Win32API.CreateProcessWithTokenW(userAccountHandle, Win32API.LOGON_FLAGS.LOGON_NETCREDENTIALS_ONLY, null, command, Win32API.CREATION_FLAGS.CREATE_NEW_CONSOLE, IntPtr.Zero, null, ref _AppStartupInfo, out _ProcessInfo))
    {
        // NOTE(review): the format string below is missing the closing quote after {1}
        // (output reads "...Process ID '1234"); left as-is here since it is runtime text.
        // NOTE(review): PROCESS_INFORMATION normally also carries hProcess/hThread; nothing
        // in this method closes them, so each successful call presumably leaks two handles
        // until the caller exits — confirm against the Win32API.PROCESS_INFORMATION layout.
        Console.WriteLine("[+] Successfully Executed Command '{0}' With Process ID '{1}", command, _ProcessInfo.dwProcessId);
        return true;
    }
    // NOTE(review): Marshal.GetLastWin32Error() is only meaningful if the DllImport for
    // CreateProcessWithTokenW was declared with SetLastError = true — the declaration is
    // not visible here, so verify it or this prints a stale/zero error code.
    Console.WriteLine("## ERROR ## - Problem Executing Command!\nWin32 Error: '{0}'", Marshal.GetLastWin32Error());
    return false;
}