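////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Builds the Medium mandatory-integrity SID (S-1-16-8192), applies it to
/// <c>phNewToken</c> as that token's integrity label, and then requests a
/// LUA-filtered token derived from <c>phNewToken</c>.
/// </summary>
/// <remarks>
/// Each native call reports its result on the console. A failed SID allocation
/// is reported through <c>GetError</c> and ends the method, because every later
/// step needs the SID. A failed NtSetInformationToken is reported but does not
/// stop the NtFilterToken call, matching the method's best-effort flow.
/// For defenders: the externally visible effect is an integrity-level change on
/// an existing token followed by a filtered-token request, which is the pair of
/// operations to look for when reviewing token-manipulation telemetry.
/// </remarks>
public void SetTokenInformation()
{
    // SECURITY_MANDATORY_MEDIUM_RID: the single sub-authority of the Medium integrity SID.
    const int MediumIntegrityRid = 0x2000;
    // TOKEN_INFORMATION_CLASS value TokenIntegrityLevel.
    const int TokenIntegrityLevelClass = 25;
    // NtFilterToken flag LUA_TOKEN.
    const int LuaTokenFlag = 4;

    // Identifier authority 16 (SECURITY_MANDATORY_LABEL_AUTHORITY), stored as six big-endian bytes.
    Structs.SidIdentifierAuthority pIdentifierAuthority = new Structs.SidIdentifierAuthority();
    pIdentifierAuthority.Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 };
    byte nSubAuthorityCount = 1;

    IntPtr pSID = IntPtr.Zero;
    if (!advapi32.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, MediumIntegrityRid, 0, 0, 0, 0, 0, 0, 0, out pSID))
    {
        // Without a SID there is no label to apply; report and stop instead of
        // handing a null SID pointer to the kernel.
        GetError("AllocateAndInitializeSid: ");
        return;
    }
    // ToInt64, not ToInt32: a 64-bit pointer that does not fit in an Int32 makes
    // IntPtr.ToInt32 throw OverflowException.
    Console.WriteLine(" [+] Initialized SID : " + pSID.ToInt64());
    // NOTE(review): the SID returned by AllocateAndInitializeSid is never released
    // in this method (the native counterpart is FreeSid). Confirm whether the
    // project exposes a wrapper for it and release pSID once the label is applied.

    Structs.SID_AND_ATTRIBUTES sidAndAttributes = new Structs.SID_AND_ATTRIBUTES();
    sidAndAttributes.Sid = pSID;
    sidAndAttributes.Attributes = Constants.SE_GROUP_INTEGRITY_32;

    Structs.TOKEN_MANDATORY_LABEL tokenMandatoryLabel = new Structs.TOKEN_MANDATORY_LABEL();
    tokenMandatoryLabel.Label = sidAndAttributes;
    Int32 tokenMandatoryLabelSize = Marshal.SizeOf(tokenMandatoryLabel);

    // NOTE(review): both Nt* calls return an NTSTATUS; confirm GetError reports
    // that status rather than the thread's Win32 last-error value.
    if (ntdll.NtSetInformationToken(phNewToken, TokenIntegrityLevelClass, ref tokenMandatoryLabel, tokenMandatoryLabelSize) == 0)
    {
        Console.WriteLine(" [+] Set Token Information : " + phNewToken.ToInt64());
    }
    else
    {
        GetError("NtSetInformationToken: ");
    }

    // NOTE(review): luaToken is only printed here; it is neither stored nor
    // closed, so the handle is leaked unless something outside this method owns it.
    IntPtr luaToken = IntPtr.Zero;
    if (ntdll.NtFilterToken(phNewToken, LuaTokenFlag, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken) == 0)
    {
        Console.WriteLine(" [+] Set LUA Token Information : " + luaToken.ToInt64());
    }
    else
    {
        GetError("NtFilterToken: ");
    }
}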
// P/Invoke declaration for the native NtSetInformationToken routine.
// TokenInformation is typed as Structs.TOKEN_MANDATORY_LABEL, so this overload
// fits only information classes whose payload is that structure.
// Returns an NTSTATUS as Int32; the caller in this file treats 0 as success.
// NOTE(review): the [DllImport] attribute for this declaration is not visible
// in this excerpt - confirm it names the intended library.
internal static extern Int32 NtSetInformationToken(
    IntPtr TokenHandle,                                    // handle of the token to modify
    Int32 TokenInformationClass,                           // TOKEN_INFORMATION_CLASS value selecting what to set
    ref Structs.TOKEN_MANDATORY_LABEL TokenInformation,    // label structure passed by reference
    Int32 TokenInformationLength                           // size in bytes of TokenInformation
);