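////////////////////////////////////////////////////////////////////////////////
// Displays the owner SID of the working token together with its account name.
//
// GetTokenInformation is called twice: the first call (null buffer, length 0)
// only reports the required size, the second fills the allocated buffer.
// On success the buffer stays in hTokenOwner, because tokenOwner.Owner is a
// raw pointer marshalled out of it (presumably pointing into that same
// allocation - confirm before freeing hTokenOwner while tokenOwner is in use).
// On every failure path the buffer is released and hTokenOwner is reset.
////////////////////////////////////////////////////////////////////////////////
public void GetTokenOwner()
{
    // Pass 1: size query only. The boolean result is intentionally ignored;
    // the call is expected to fail while still writing returnLength.
    uint returnLength;
    advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenOwner, IntPtr.Zero, 0, out returnLength);
    if (0 == returnLength)
    {
        // No size was reported, so the failure is in the size query itself
        // (for example a bad handle), not a buffer-size problem. Report it here
        // instead of allocating an empty buffer and blaming pass 2.
        Misc.GetWin32Error("GetTokenInformation (TokenOwner) - Pass 1");
        return;
    }

    hTokenOwner = Marshal.AllocHGlobal((int)returnLength);
    bool populated = false;
    try
    {
        // Pass 2: fill the buffer that was sized by pass 1.
        if (!advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenOwner, hTokenOwner, returnLength, out returnLength))
        {
            Misc.GetWin32Error("GetTokenInformation (TokenOwner) - Pass 2");
            return;
        }

        tokenOwner = (Ntifs._TOKEN_OWNER)Marshal.PtrToStructure(hTokenOwner, typeof(Ntifs._TOKEN_OWNER));
        if (IntPtr.Zero == tokenOwner.Owner)
        {
            // A null owner SID cannot be resolved; stop here rather than
            // handing a null pointer to _ReadSidAndName below.
            Misc.GetWin32Error("PtrToStructure");
            return;
        }

        populated = true;
    }
    catch (Exception ex)
    {
        Misc.GetWin32Error("GetTokenInformation (TokenOwner) - Pass 2");
        Console.WriteLine(ex.Message);
        return;
    }
    finally
    {
        // Nothing refers to the buffer unless the structure was read
        // successfully, so release it and clear the field on failure.
        if (!populated)
        {
            Marshal.FreeHGlobal(hTokenOwner);
            hTokenOwner = IntPtr.Zero;
        }
    }

    Console.WriteLine("[+] Owner: ");
    string sid, account;
    _ReadSidAndName(tokenOwner.Owner, out sid, out account);
    Console.WriteLine("{0,-50} {1}", sid, account);
}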
/// <summary>
/// Builds a <c>_TOKEN_OWNER</c> whose <c>Owner</c> field is the SID pointer that
/// <c>_LookupSid</c> produces for the given account.
/// </summary>
/// <param name="domain">Domain passed through to <c>_LookupSid</c>.</param>
/// <param name="userName">Account name passed through to <c>_LookupSid</c>.</param>
/// <param name="tokenOwner">
/// Always assigned a new structure; <c>Owner</c> is only set when the lookup succeeds.
/// </param>
/// <returns><c>true</c> when <c>_LookupSid</c> succeeds, otherwise <c>false</c>.</returns>
/// <remarks>
/// NOTE(review): ownership and lifetime of the SID buffer written by
/// <c>_LookupSid</c> are not visible here - confirm who frees it.
/// </remarks>
private bool CreateTokenOwner(string domain, string userName, out Ntifs._TOKEN_OWNER tokenOwner)
{
    Console.WriteLine("[*] _TOKEN_OWNER");
    tokenOwner = new Ntifs._TOKEN_OWNER();

    IntPtr ownerSid = IntPtr.Zero;
    bool resolved = _LookupSid(domain, userName, ref ownerSid);
    if (resolved)
    {
        tokenOwner.Owner = ownerSid;
    }

    return resolved;
}
// Managed declaration of the native NtCreateToken call. The uint result is the
// NTSTATUS code (0 is STATUS_SUCCESS). Every structure is passed with `ref`, so
// it is marshalled as a pointer; parameter order and types are the ABI contract
// and must not be changed independently of the native prototype.
// NOTE(review): the [DllImport] attribute that binds this declaration is not
// visible in this excerpt.
// The native call requires the caller to hold SeCreateTokenPrivilege, which
// default Windows policy does not grant to user accounts; use of this API
// outside the system logon path is therefore worth auditing.
public static extern uint NtCreateToken(
    out IntPtr TokenHandle,                         // receives the handle of the created token
    uint DesiredAccess,                             // access mask requested on the new handle
    ref wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes,
    Winnt._TOKEN_TYPE TokenType,
    ref Winnt._LUID AuthenticationId, //From NtAllocateLocallyUniqueId
    ref long ExpirationTime,                        // 64-bit time value passed by reference
    ref Ntifs._TOKEN_USER TokenUser,
    ref Ntifs._TOKEN_GROUPS_DYNAMIC TokenGroups,
    ref Winnt._TOKEN_PRIVILEGES_ARRAY TokenPrivileges,
    ref Ntifs._TOKEN_OWNER TokenOwner,
    ref Winnt._TOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    ref Winnt._TOKEN_DEFAULT_DACL TokenDefaultDacl,
    ref Winnt._TOKEN_SOURCE TokenSource
);