////////////////////////////////////////////////////////////////////////////////
// Starts Windows Module Installer and impersonates or starts a process with
// the cloned token. The original header adds "There are better ways of doing
// this net .O" (presumably "... in .NET"; the tail is garbled in the source).
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Gate-keeps the TrustedInstaller request on SeDebugPrivilege: if the
/// privilege is not assigned to <paramref name="hToken"/> a message is printed
/// and nothing else happens; if it is assigned but disabled it is enabled on
/// the current token first. The request itself is delegated to
/// <c>TokenManipulation.GetTrustedInstaller</c>, with
/// <c>cLP.CommandAndArgs</c> forwarded when a command was supplied.
/// </summary>
/// <param name="cLP">Parsed command line; only <c>Command</c> and <c>CommandAndArgs</c> are read here.</param>
/// <param name="hToken">Token whose privileges are inspected and that the <c>TokenManipulation</c> instance is built from.</param>
private static void _GetTrustedInstaller(CommandLineParsing cLP, IntPtr hToken)
{
    bool hasDebugPrivilege;
    bool debugPrivilegeEnabled;
    TokenInformation.CheckTokenPrivilege(hToken, "SeDebugPrivilege", out hasDebugPrivilege, out debugPrivilegeEnabled);

    if (!hasDebugPrivilege)
    {
        Console.WriteLine("[-] SeDebugPrivilege Is Not Assigned to Token");
        return;
    }

    using (TokenManipulation manipulator = new TokenManipulation(hToken))
    {
        manipulator.SetWorkingTokenToSelf();

        // Only toggled when present-but-disabled. It is not reverted in this
        // method; whether Dispose() does so is not visible from here.
        if (!debugPrivilegeEnabled)
        {
            manipulator.SetTokenPrivilege(Winnt.SE_DEBUG_NAME, Winnt.TokenPrivileges.SE_PRIVILEGE_ENABLED);
        }

        // NOTE(review): the emptiness check is on Command while CommandAndArgs
        // is what gets forwarded — presumably the latter contains the former;
        // confirm against CommandLineParsing.
        if (!string.IsNullOrEmpty(cLP.Command))
        {
            manipulator.GetTrustedInstaller(cLP.CommandAndArgs);
        }
        else
        {
            manipulator.GetTrustedInstaller();
        }
    }
}