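/// <summary>
/// Makes the calling thread impersonate another security context, either from a
/// caller-supplied token handle or from a token created with LogonUser() using
/// the supplied credential.
/// </summary>
/// <param name="args">
/// Options for the call. When <c>null</c>, a default instance is created. If
/// <c>TokenHandle</c> is non-zero it is impersonated directly; otherwise
/// <c>Credential</c> (Domain, UserName, Password) is passed to LogonUser().
/// <c>Quiet</c> suppresses the apartment-state warning.
/// </param>
/// <returns>
/// The token handle that was impersonated. Nothing in this method reverts the
/// impersonation or closes the handle, so both remain the caller's responsibility.
/// </returns>
/// <exception cref="ArgumentException">
/// Neither a token handle nor a credential was supplied.
/// </exception>
/// <exception cref="Exception">
/// LogonUser() or ImpersonateLoggedOnUser() reported failure.
/// </exception>
public static IntPtr Invoke_UserImpersonation(Args_Invoke_UserImpersonation args = null)
{
    if (args == null)
    {
        args = new Args_Invoke_UserImpersonation();
    }

    // The message warns about a thread that is NOT in a single-threaded apartment,
    // so the comparison has to be "!=". The previous "==" raised the warning in
    // exactly the case it claims is fine and stayed silent in the case it describes.
    if (System.Threading.Thread.CurrentThread.GetApartmentState() != System.Threading.ApartmentState.STA && !args.Quiet)
    {
        Logger.Write_Warning(@"[Invoke-UserImpersonation] powershell.exe is not currently in a single-threaded apartment state, token impersonation may not work.");
    }

    IntPtr LogonTokenHandle;
    bool Result;

    if (args.TokenHandle != IntPtr.Zero)
    {
        // Caller already holds a token; use it as-is.
        LogonTokenHandle = args.TokenHandle;
    }
    else
    {
        // Fail with a clear message instead of a NullReferenceException when the
        // caller supplied neither a token handle nor a credential.
        if (args.Credential == null)
        {
            throw new ArgumentException(@"[Invoke-UserImpersonation] Either TokenHandle or Credential must be supplied", nameof(args));
        }

        LogonTokenHandle = IntPtr.Zero;
        var UserDomain = args.Credential.Domain;
        var UserName = args.Credential.UserName;

        // Only the account name is logged. The password is handed to LogonUser()
        // below and must never be added to this or any other log message.
        Logger.Write_Warning($@"[Invoke-UserImpersonation] Executing LogonUser() with user: {UserDomain}\{UserName}");

        // LOGON32_LOGON_NEW_CREDENTIALS = 9, LOGON32_PROVIDER_WINNT50 = 3
        // this is to simulate "runas.exe /netonly" functionality.
        // With this logon type the credential is only used for outbound network
        // authentication, so a successful return does not show that the password
        // is correct. On the local host this is recorded as a logon of type 9
        // (NewCredentials) in the Security log, event 4624.
        Result = NativeMethods.LogonUser(UserName, UserDomain, args.Credential.Password, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50, ref LogonTokenHandle);

        // Read the error code immediately, before any other call can overwrite it.
        // NOTE(review): assumes the LogonUser P/Invoke is declared with SetLastError = true - confirm.
        var LastError = System.Runtime.InteropServices.Marshal.GetLastWin32Error();

        if (!Result)
        {
            throw new Exception($@"[Invoke-UserImpersonation] LogonUser() Error: {new System.ComponentModel.Win32Exception(LastError).Message}");
        }
    }

    // actually impersonate the token from LogonUser()
    Result = NativeMethods.ImpersonateLoggedOnUser(LogonTokenHandle);

    // Capture this call's own error code. The previous message contained
    // un-translated PowerShell text ("$(([ComponentModel.Win32Exception] $LastError).Message)")
    // that C# emitted literally, so the real failure reason was never reported.
    // NOTE(review): assumes the ImpersonateLoggedOnUser P/Invoke is declared with SetLastError = true - confirm.
    var ImpersonateError = System.Runtime.InteropServices.Marshal.GetLastWin32Error();

    if (!Result)
    {
        // NOTE(review): a token created by LogonUser() above is not closed on this
        // failure path; close it here once the project's handle-closing wrapper is confirmed.
        throw new Exception($@"[Invoke-UserImpersonation] ImpersonateLoggedOnUser() Error: {new System.ComponentModel.Win32Exception(ImpersonateError).Message}");
    }

    Logger.Write_Verbose(@"[Invoke-UserImpersonation] Alternate credentials successfully impersonated");
    return LogonTokenHandle;
}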
/// <summary>
/// Facade entry point: forwards the call unchanged to
/// <c>InvokeUserImpersonation.Invoke_UserImpersonation</c> and returns its result.
/// </summary>
/// <param name="args">Options passed through as-is; may be <c>null</c>.</param>
/// <returns>The token handle returned by the forwarded call.</returns>
public static IntPtr Invoke_UserImpersonation(Args_Invoke_UserImpersonation args = null)
    => InvokeUserImpersonation.Invoke_UserImpersonation(args);