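////////////////////////////////////////////////////////////////////////////////
// Enables or disables a single named privilege on a token.
// http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/
// https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege
//
// hToken    - token handle handed to AdjustTokenPrivileges; never reassigned here.
//             NOTE(review): the API needs TOKEN_ADJUST_PRIVILEGES, plus TOKEN_QUERY
//             because the previous state is requested - confirm how callers open it.
// privilege - privilege name resolved through LookupPrivilegeValue.
// bEnable   - true sets SE_PRIVILEGE_ENABLED, false clears that bit.
//
// Failures are reported through GetError and the method returns without throwing.
//
// NOTE(review): AdjustTokenPrivileges can return true although the token does not
// hold the privilege (last error ERROR_NOT_ALL_ASSIGNED). That value is not
// inspected here, so the final message is not proof that the state changed.
// Token privilege changes can be audited as Security event 4703 when the
// "Audit Token Right Adjusted" subcategory is enabled.
////////////////////////////////////////////////////////////////////////////////
public static void SetTokenPrivilege(ref IntPtr hToken, String privilege, Boolean bEnable)
{
    Console.WriteLine("[*] Adjusting Token Privilege");

    // Resolve the privilege name to its LUID on the local system.
    Structs._LUID luid = new Structs._LUID();
    if (!advapi32.LookupPrivilegeValue(null, privilege, ref luid))
    {
        GetError("LookupPrivilegeValue");
        return;
    }
    Console.WriteLine(" [+] Recieved luid");

    // Pass 1: request Attributes = 0 so that the call reports the prior state.
    Structs._LUID_AND_ATTRIBUTES luidAndAttributes = new Structs._LUID_AND_ATTRIBUTES();
    luidAndAttributes.Luid = luid;
    luidAndAttributes.Attributes = 0;

    Structs._TOKEN_PRIVILEGES newState = new Structs._TOKEN_PRIVILEGES();
    newState.PrivilegeCount = 1;
    newState.Privileges = luidAndAttributes;

    Structs._TOKEN_PRIVILEGES previousState = new Structs._TOKEN_PRIVILEGES();
    UInt32 returnLength = 0;

    Console.WriteLine(" [+] AdjustTokenPrivilege Pass 1");
    if (!advapi32.AdjustTokenPrivileges(hToken, false, ref newState, (UInt32)Marshal.SizeOf(newState), ref previousState, out returnLength))
    {
        GetError("AdjustTokenPrivileges - 1");
        return;
    }

    // The previous-state buffer is only populated for privileges that pass 1
    // actually modified. If the privilege was already disabled the buffer stays
    // zeroed, so the LUID has to be written explicitly (as the referenced KB
    // sample does); otherwise pass 2 would address LUID 0 instead of the
    // requested privilege.
    previousState.PrivilegeCount = 1;
    previousState.Privileges.Luid = luid;
    if (bEnable)
    {
        previousState.Privileges.Attributes |= Constants.SE_PRIVILEGE_ENABLED;
    }
    else
    {
        // Clears SE_PRIVILEGE_ENABLED only when it is currently set.
        previousState.Privileges.Attributes ^= (Constants.SE_PRIVILEGE_ENABLED & previousState.Privileges.Attributes);
    }

    // Pass 2: apply the edited state; "kluge" only receives the unused output.
    Structs._TOKEN_PRIVILEGES kluge = new Structs._TOKEN_PRIVILEGES();
    Console.WriteLine(" [+] AdjustTokenPrivilege Pass 2");
    if (!advapi32.AdjustTokenPrivileges(hToken, false, ref previousState, (UInt32)Marshal.SizeOf(previousState), ref kluge, out returnLength))
    {
        GetError("AdjustTokenPrivileges - 2");
        return;
    }

    Console.WriteLine(" [+] Adjusted Token to: " + privilege);
    return;
}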
////////////////////////////////////////////////////////////////////////////////
// Enables a single named privilege on a token.
// http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/
// https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege
//
// hToken    - token handle handed to AdjustTokenPrivileges; never reassigned here.
// privilege - privilege name; rejected unless it is listed in validPrivileges.
//
// Failures are reported on the console / through GetError and the method
// returns without throwing.
//
// NOTE(review): AdjustTokenPrivileges can return true although the token does not
// hold the privilege (last error ERROR_NOT_ALL_ASSIGNED). That value is not
// inspected here, so the final message is not proof that the privilege is enabled.
// Token privilege changes can be audited as Security event 4703 when the
// "Audit Token Right Adjusted" subcategory is enabled.
////////////////////////////////////////////////////////////////////////////////
public static void SetTokenPrivilege(ref IntPtr hToken, String privilege)
{
    // Allow-list check happens before any API call is made.
    if (!validPrivileges.Contains(privilege))
    {
        Console.WriteLine("[-] Invalid Privilege Specified");
        return;
    }

    Console.WriteLine("[*] Adjusting Token Privilege");

    // Resolve the privilege name to its LUID on the local system.
    Structs._LUID privilegeLuid = new Structs._LUID();
    if (!advapi32.LookupPrivilegeValue(null, privilege, ref privilegeLuid))
    {
        GetError("LookupPrivilegeValue");
        return;
    }
    Console.WriteLine(" [+] Received luid");

    // One-entry privilege set asking for the privilege to be enabled.
    Structs._TOKEN_PRIVILEGES requested = new Structs._TOKEN_PRIVILEGES
    {
        PrivilegeCount = 1,
        Privileges = new Structs._LUID_AND_ATTRIBUTES
        {
            Luid = privilegeLuid,
            Attributes = Constants.SE_PRIVILEGE_ENABLED
        }
    };

    // Output buffers required by the call; their contents are not used afterwards.
    Structs._TOKEN_PRIVILEGES prior = new Structs._TOKEN_PRIVILEGES();
    UInt32 bytesReturned = 0;
    UInt32 requestedSize = (UInt32)Marshal.SizeOf(requested);

    Console.WriteLine(" [*] AdjustTokenPrivilege");
    Boolean adjusted = advapi32.AdjustTokenPrivileges(hToken, false, ref requested, requestedSize, ref prior, out bytesReturned);
    if (!adjusted)
    {
        GetError("AdjustTokenPrivileges");
        return;
    }

    Console.WriteLine(" [+] Adjusted Token to: " + privilege);
}
// P/Invoke declaration for the Win32 LookupPrivilegeValue function, which
// resolves a privilege name to its locally unique identifier (LUID).
//   lpSystemName - system on which to look the name up; the callers visible in
//                  this file pass null.
//   lpName       - privilege name to resolve.
//   luid         - receives the LUID on success.
// Returns false on failure; the callers visible in this file then report the
// failure through GetError.
// NOTE(review): the DllImport attribute is not visible here - confirm it sets
// SetLastError = true and a CharSet that matches the String parameters.
public static extern Boolean LookupPrivilegeValue( String lpSystemName, String lpName, ref Structs._LUID luid );