Exemplos de NtApiDotNet SecurityDescriptor em C# (CSharp)

Exemplo n.º 1

Arquivo: NtDirectoryEntry.cs Projeto: CaledoniaProject/sandbox-attacksurface-analysis-tools

        private void PopulateData()
        {
            if (!_data_populated)
            {
                _data_populated = true;
                if (NtObject.CanOpenType(TypeName))
                {
                    try
                    {
                        using (NtObject obj = ToObject())
                        {
                            if (obj.IsAccessGrantedRaw(GenericAccessRights.ReadControl))
                            {
                                _sd = obj.SecurityDescriptor;
                            }

                            NtSymbolicLink link = obj as NtSymbolicLink;
                            if (link != null && link.IsAccessGranted(SymbolicLinkAccessRights.Query))
                            {
                                _symlink_target = link.Target;
                            }

                            _maximum_granted_access = obj.GrantedAccessObject;
                        }
                    }
                    catch
                    {
                    }
                }
            }
        }

Exemplo n.º 2

        static void UpdateSecurity(string path)
        {
            var sd = new NtApiDotNet.SecurityDescriptor("D:AI(A;;FA;;;WD)(A;;FA;;;AC)");

            using (var file = NtFile.Open(NtFileUtils.DosFileNameToNt(path), null, FileAccessRights.WriteDac))
            {
                file.SetSecurityDescriptor(sd, NtApiDotNet.SecurityInformation.Dacl);
            }
        }

Exemplo n.º 3

Arquivo: ObjectAttributes.cs Projeto: CaledoniaProject/sandbox-attacksurface-analysis-tools

 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="object_name">The object name, can be null.</param>
 /// <param name="attributes">The object attribute flags.</param>
 /// <param name="root">An optional root handle, can be SafeKernelObjectHandle.Null. Will duplicate the handle.</param>
 /// <param name="sqos">An optional security quality of service.</param>
 /// <param name="security_descriptor">An optional security descriptor.</param>
 public ObjectAttributes(string object_name, AttributeFlags attributes, NtObject root, 
     SecurityQualityOfService sqos, SecurityDescriptor security_descriptor) 
     : this(object_name, attributes, root != null ? root.Handle : SafeKernelObjectHandle.Null, sqos, security_descriptor)
 {
 }

Exemplo n.º 4

Arquivo: ObjectAttributes.cs Projeto: CaledoniaProject/sandbox-attacksurface-analysis-tools

        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="object_name">The object name, can be null.</param>
        /// <param name="attributes">The object attribute flags.</param>
        /// <param name="root">An optional root handle, can be SafeKernelObjectHandle.Null. Will duplicate the handle.</param>
        /// <param name="sqos">An optional security quality of service.</param>
        /// <param name="security_descriptor">An optional security descriptor.</param>
        public ObjectAttributes(string object_name, AttributeFlags attributes, SafeKernelObjectHandle root, 
            SecurityQualityOfService sqos, SecurityDescriptor security_descriptor)
        {
            Length = Marshal.SizeOf(this);
            if (object_name != null)
            {
                ObjectName = new UnicodeString(object_name).ToBuffer();
            }
            else
            {
                ObjectName = SafeHGlobalBuffer.Null;
            }

            Attributes = attributes;
            if (sqos != null)
            {
                SecurityQualityOfService = sqos.ToBuffer();
            }
            else
            {
                SecurityQualityOfService = SafeHGlobalBuffer.Null; 
            }

            RootDirectory = !root.IsInvalid ? NtObject.DuplicateHandle(root) : SafeKernelObjectHandle.Null;
            if (security_descriptor != null)
            {
                SecurityDescriptor = security_descriptor.ToSafeBuffer();
            }
            else
            {
                SecurityDescriptor = SafeHGlobalBuffer.Null;
            }
        }

Exemplo n.º 5

        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="base_object">Base object for security descriptor</param>
        /// <param name="token">Token for determining user rights</param>
        /// <param name="is_directory">True if a directory security descriptor</param>
        public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this()
        {
            if ((base_object == null) && (token == null))
            {
                throw new ArgumentNullException();
            }

            SecurityDescriptor parent_sd = null;

            if (base_object != null)
            {
                parent_sd = base_object.SecurityDescriptor;
            }

            SecurityDescriptor creator_sd = null;

            if (token != null)
            {
                creator_sd       = new SecurityDescriptor();
                creator_sd.Owner = new SecurityDescriptorSid(token.Owner, false);
                creator_sd.Group = new SecurityDescriptorSid(token.PrimaryGroup, false);
                creator_sd.Dacl  = token.DefaultDalc;
            }

            NtType type = NtType.GetTypeByName(base_object.NtTypeName);

            SafeBuffer parent_sd_buffer           = SafeHGlobalBuffer.Null;
            SafeBuffer creator_sd_buffer          = SafeHGlobalBuffer.Null;
            SafeSecurityObjectHandle security_obj = null;

            try
            {
                if (parent_sd != null)
                {
                    parent_sd_buffer = parent_sd.ToSafeBuffer();
                }
                if (creator_sd != null)
                {
                    creator_sd_buffer = creator_sd.ToSafeBuffer();
                }

                GenericMapping mapping = type.GenericMapping;
                NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory,
                                           token != null ? token.Handle : SafeKernelObjectHandle.Null, ref mapping).ToNtException();
                ParseSecurityDescriptor(security_obj);
            }
            finally
            {
                if (parent_sd_buffer != null)
                {
                    parent_sd_buffer.Close();
                }
                if (creator_sd_buffer != null)
                {
                    creator_sd_buffer.Close();
                }
                if (security_obj != null)
                {
                    security_obj.Close();
                }
            }
        }

Exemplo n.º 6

Arquivo: SecurityDescriptor.cs Projeto: CaledoniaProject/sandbox-attacksurface-analysis-tools

        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="base_object">Base object for security descriptor</param>
        /// <param name="token">Token for determining user rights</param>
        /// <param name="is_directory">True if a directory security descriptor</param>
        public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this()
        {
            if ((base_object == null) && (token == null))
            {
                throw new ArgumentNullException();
            }

            SecurityDescriptor parent_sd = null;
            if (base_object != null)
            {
                parent_sd = base_object.SecurityDescriptor;
            }

            SecurityDescriptor creator_sd = null;
            if (token != null)
            {
                creator_sd = new SecurityDescriptor();
                creator_sd.Owner = new SecurityDescriptorSid(token.Owner, false);
                creator_sd.Group = new SecurityDescriptorSid(token.PrimaryGroup, false);
                creator_sd.Dacl = token.DefaultDalc;
            }

            NtType type = NtType.GetTypeByName(base_object.NtTypeName);

            SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null;
            SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null;
            SafeSecurityObjectHandle security_obj = null;
            try
            {
                if (parent_sd != null)
                {
                    parent_sd_buffer = parent_sd.ToSafeBuffer();
                }
                if (creator_sd != null)
                {
                    creator_sd_buffer = creator_sd.ToSafeBuffer();
                }

                GenericMapping mapping = type.GenericMapping;
                NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory,
                    token != null ? token.Handle : SafeKernelObjectHandle.Null, ref mapping).ToNtException();
                ParseSecurityDescriptor(security_obj);
            }
            finally
            {
                if (parent_sd_buffer != null)
                {
                    parent_sd_buffer.Close();
                }
                if (creator_sd_buffer != null)
                {
                    creator_sd_buffer.Close();
                }
                if (security_obj != null)
                {
                    security_obj.Close();
                }
            }
        }

Exemplo n.º 7

Arquivo: ObjectAttributes.cs Projeto: starling021/sandbox-ataques-herramientas-de-an-lisis-de-superficie

 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="object_name">The object name, can be null.</param>
 /// <param name="attributes">The object attribute flags.</param>
 /// <param name="root">An optional root handle, Will duplicate the handle.</param>
 /// <param name="sqos">An optional security quality of service.</param>
 /// <param name="security_descriptor">An optional security descriptor.</param>
 public ObjectAttributes(string object_name, AttributeFlags attributes, NtObject root,
                         SecurityQualityOfService sqos, SecurityDescriptor security_descriptor)
     : this(object_name, attributes, root?.Handle ?? SafeKernelObjectHandle.Null, sqos, security_descriptor)
 {
 }

Exemplo n.º 8

Arquivo: NtObject.cs Projeto: irsl/sandbox-attacksurface-analysis-tools

 /// <summary>
 /// Get the security descriptor as an SDDL string
 /// </summary>
 /// <returns>The security descriptor as an SDDL string</returns>
 public string GetSddl() => SecurityDescriptor.ToSddl();

Exemplo n.º 9

Arquivo: NtObject.cs Projeto: irsl/sandbox-attacksurface-analysis-tools

 /// <summary>
 /// Set the object's security descriptor
 /// </summary>
 /// <param name="security_desc">The security descriptor to set.</param>
 /// <param name="security_information">What parts of the security descriptor to set</param>
 public void SetSecurityDescriptor(SecurityDescriptor security_desc, SecurityInformation security_information)
 {
     SetSecurityDescriptor(security_desc, security_information, true);
 }

Exemplo n.º 10

 /// <summary>
 /// Set the object's security descriptor
 /// </summary>
 /// <param name="security_desc">The security descriptor to set.</param>
 /// <param name="security_information">What parts of the security descriptor to set</param>
 public void SetSecurityDescriptor(SecurityDescriptor security_desc, SecurityInformation security_information)
 {
     SetSecurityDescriptor(security_desc.ToByteArray(), security_information);
 }

Exemplo n.º 11

 private void ReadStateData(NtKeyValue value)
 {
     _security_descriptor = new SecurityDescriptor(value.Data, NtType.GetTypeByName(WNF_NT_TYPE_NAME));
 }