Пример #1
0
 internal static void OpenForm(ProcessTokenEntry process, string text, bool copy, bool thread)
 {
     if (process != null)
     {
         OpenForm(new TokenForm(copy ? process.Clone() : process, text, thread));
     }
 }
Пример #2
0
        private void ShowProcessSecurity(ProcessTokenEntry process)
        {
            var viewer = new SecurityDescriptorViewerForm($"{process.Name}:{process.ProcessId}",
                                                          process.ProcessSecurity, NtType.GetTypeByType <NtProcess>(), false);

            viewer.ShowDialog(this);
        }
 private static string GetChromeSandboxType(ProcessTokenEntry entry)
 {
     string[] args = Win32Utils.ParseCommandLine(entry.CommandLine);
     foreach (var s in args)
     {
         if (s.StartsWith("--type="))
         {
             return($"Sandbox: {s.Substring(7)}");
         }
     }
     return("Unknown");
 }
Пример #4
0
        private static string GetChromeSandboxType(ProcessTokenEntry entry)
        {
            string[] args         = Win32Utils.ParseCommandLine(entry.CommandLine);
            string   sandbox_type = null;

            foreach (var s in args)
            {
                if (s.StartsWith("--type="))
                {
                    sandbox_type = s.Substring(7);
                    if (!sandbox_type.Equals("utility", StringComparison.OrdinalIgnoreCase))
                    {
                        break;
                    }
                }
                else if (s.StartsWith("--utility-sub-type="))
                {
                    sandbox_type = $"utility.{s.Substring(19)}";
                    break;
                }
            }
            return($"Sandbox: {sandbox_type ?? "Unknown"}");
        }
Пример #5
0
        private TokenForm(ProcessTokenEntry process, NtToken token, string text)
        {
            InitializeComponent();
            this.Disposed += TokenForm_Disposed;
            _token         = token;
            Text           = GetFormText(token, text);

            foreach (object v in Enum.GetValues(typeof(TokenIntegrityLevel)))
            {
                comboBoxIL.Items.Add(v);
                comboBoxILForDup.Items.Add(v);
            }

            UpdateTokenData(process);
            listViewGroups.ListViewItemSorter         = new ListItemComparer(0);
            listViewPrivs.ListViewItemSorter          = new ListItemComparer(0);
            listViewRestrictedSids.ListViewItemSorter = new ListItemComparer(0);
            listViewCapabilities.ListViewItemSorter   = new ListItemComparer(0);

            comboBoxImpLevel.Items.Add(SecurityImpersonationLevel.Anonymous);
            comboBoxImpLevel.Items.Add(SecurityImpersonationLevel.Identification);
            comboBoxImpLevel.Items.Add(SecurityImpersonationLevel.Impersonation);
            comboBoxImpLevel.Items.Add(SecurityImpersonationLevel.Delegation);
            comboBoxImpLevel.SelectedItem = SecurityImpersonationLevel.Impersonation;

            comboBoxTokenType.Items.Add(TokenType.Primary);
            comboBoxTokenType.Items.Add(TokenType.Impersonation);
            comboBoxTokenType.SelectedItem = TokenType.Impersonation;

            foreach (object v in Enum.GetValues(typeof(SaferLevel)))
            {
                comboBoxSaferLevel.Items.Add(v);
            }

            comboBoxSaferLevel.SelectedItem = SaferLevel.NormalUser;
        }
Пример #6
0
 internal TokenForm(ProcessTokenEntry process, string text, bool thread)
     : this(process, thread ? ((ThreadTokenEntry)process).ThreadToken : process.ProcessToken, text)
 {
 }
Пример #7
0
        private void UpdateTokenData(ProcessTokenEntry process)
        {
            UserGroup user = _token.User;

            txtUsername.Text = user.ToString();
            txtUserSid.Text  = user.Sid.ToString();

            TokenType tokentype = _token.TokenType;

            txtTokenType.Text = tokentype.ToString();

            if (tokentype == TokenType.Impersonation)
            {
                txtImpLevel.Text = _token.ImpersonationLevel.ToString();
            }
            else
            {
                txtImpLevel.Text = "N/A";
            }

            txtTokenId.Text    = _token.Id.ToString();
            txtModifiedId.Text = _token.ModifiedId.ToString();
            txtAuthId.Text     = _token.AuthenticationId.ToString();
            if (Enum.IsDefined(typeof(TokenIntegrityLevel), _token.IntegrityLevel))
            {
                comboBoxIL.SelectedItem       = _token.IntegrityLevel;
                comboBoxILForDup.SelectedItem = _token.IntegrityLevel;
            }
            else
            {
                comboBoxIL.Text       = _token.IntegrityLevel.ToString();
                comboBoxILForDup.Text = _token.IntegrityLevel.ToString();
            }

            txtSessionId.Text = _token.SessionId.ToString();
            if (_token.IsAccessGranted(TokenAccessRights.QuerySource))
            {
                txtSourceName.Text = _token.Source.SourceName;
                txtSourceId.Text   = _token.Source.SourceIdentifier.ToString();
            }
            else
            {
                txtSourceName.Text = "N/A";
                txtSourceId.Text   = "N/A";
            }
            TokenElevationType evtype = _token.ElevationType;

            txtElevationType.Text = evtype.ToString();
            txtIsElevated.Text    = _token.Elevated.ToString();
            txtOriginLoginId.Text = _token.Origin.ToString();

            btnLinkedToken.Enabled = evtype != TokenElevationType.Default;
            btnLinkedToken.Visible = btnLinkedToken.Enabled;

            UpdateGroupList();

            txtPrimaryGroup.Text = _token.PrimaryGroup.Name;
            txtOwner.Text        = _token.Owner.Name;

            Acl defdacl = _token.DefaultDacl;

            if (!defdacl.NullAcl)
            {
                foreach (Ace ace in defdacl)
                {
                    UserGroup group = new UserGroup(ace.Sid, GroupAttributes.None);

                    ListViewItem item = new ListViewItem(group.ToString());

                    AccessMask mask = GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute
                                      | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite
                                      | GenericAccessRights.AccessSystemSecurity | GenericAccessRights.Delete | GenericAccessRights.ReadControl
                                      | GenericAccessRights.Synchronize | GenericAccessRights.WriteDac | GenericAccessRights.WriteOwner;
                    string maskstr;

                    if ((ace.Mask & ~mask).HasAccess)
                    {
                        maskstr = $"0x{ace.Mask:X08}";
                    }
                    else
                    {
                        maskstr = ace.Mask.ToGenericAccess().ToString();
                    }

                    item.SubItems.Add(maskstr);
                    item.SubItems.Add(ace.Flags.ToString());
                    item.SubItems.Add(ace.Type.ToString());
                    listViewDefDacl.Items.Add(item);
                }
            }
            else
            {
                listViewDefDacl.Items.Add("No Default DACL");
            }

            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);

            if (_token.Restricted)
            {
                PopulateGroupList(listViewRestrictedSids, _token.RestrictedSids, false);
                if (_token.WriteRestricted)
                {
                    tabPageRestricted.Text = "Write Restricted SIDs";
                }
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageRestricted);
            }

            if (_token.AppContainer)
            {
                PopulateGroupList(listViewCapabilities, _token.Capabilities, false);
                txtACNumber.Text    = _token.AppContainerNumber.ToString();
                txtPackageName.Text = _token.AppContainerSid.Name;
                txtPackageSid.Text  = _token.AppContainerSid.ToString();
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageAppContainer);
            }

            if (process == null)
            {
                tabControlMain.TabPages.Remove(tabPageTokenSource);
            }
            else
            {
                txtProcessId.Text          = process.ProcessId.ToString();
                txtProcessImagePath.Text   = process.ImagePath;
                txtProcessCommandLine.Text = process.CommandLine;
                if (process is ThreadTokenEntry thread)
                {
                    txtThreadId.Text   = thread.ThreadId.ToString();
                    txtThreadName.Text = thread.ThreadName;
                }
                else
                {
                    groupThread.Visible = false;
                }
            }

            txtUIAccess.Text     = _token.UIAccess.ToString();
            txtSandboxInert.Text = _token.SandboxInert.ToString();
            bool virtAllowed = _token.VirtualizationAllowed;

            txtVirtualizationAllowed.Text          = virtAllowed.ToString();
            btnToggleVirtualizationEnabled.Enabled = virtAllowed;
            btnToggleVirtualizationEnabled.Visible = virtAllowed;
            if (virtAllowed)
            {
                txtVirtualizationEnabled.Text = _token.VirtualizationEnabled.ToString();
            }
            else
            {
                txtVirtualizationEnabled.Text = "N/A";
            }

            txtMandatoryILPolicy.Text = _token.MandatoryPolicy.ToString();
            txtHandleAccess.Text      = _token.GrantedAccess.ToString();
            Sid trust_level = _token.TrustLevel;

            txtTrustLevel.Text = trust_level != null ? trust_level.Name : "N/A";
            UpdateTokenFlags();
            UpdatePrivileges();
            UpdateSecurityAttributes(tabPageLocalSecurityAttributes, treeViewLocalSecurityAttributes, SecurityAttributeType.Local);
            UpdateSecurityAttributes(tabPageUserClaimSecurityAttributes, treeViewUserClaimSecurityAttributes, SecurityAttributeType.User);
            UpdateSecurityAttributes(tabPageDeviceClaimSecurityAttributes, treeViewDeviceClaimSecurityAttributes, SecurityAttributeType.Device);
            if (_token.DeviceGroups.Length > 0)
            {
                PopulateGroupList(listViewDeviceGroup, _token.DeviceGroups, false);
            }
            else
            {
                tabControlSecurityAttributes.TabPages.Remove(tabPageDeviceGroup);
            }
            if (tabControlSecurityAttributes.TabCount == 0)
            {
                lblSecurityAttributes.Visible = false;
            }

            if (_token.IsAccessGranted(TokenAccessRights.ReadControl))
            {
                securityDescriptorViewerControl.SetSecurityDescriptor(_token.SecurityDescriptor, _token.NtType, _token.NtType.ValidAccess);
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageSecurity);
            }
        }