////////////////////////////////////////////////////////////////////////////////
// Starts Windows Module Installer and impersonates or starts a process with
// the cloned token. There are better ways of doing this net .O
////////////////////////////////////////////////////////////////////////////////
private static void _GetTrustedInstaller(CommandLineParsing cLP, IntPtr hToken)
{
bool exists, enabled;
TokenInformation.CheckTokenPrivilege(hToken, "SeDebugPrivilege", out exists, out enabled);
if (exists)
{
using (TokenManipulation t = new TokenManipulation(hToken))
{
t.SetWorkingTokenToSelf();
if (!enabled)
{
t.SetTokenPrivilege(Winnt.SE_DEBUG_NAME, Winnt.TokenPrivileges.SE_PRIVILEGE_ENABLED);
}
if (string.IsNullOrEmpty(cLP.Command))
{
t.GetTrustedInstaller();
}
else
{
t.GetTrustedInstaller(cLP.CommandAndArgs);
}
}
}
else
{
Console.WriteLine("[-] SeDebugPrivilege Is Not Assigned to Token");
}
}
