//////////////////////////////////////////////////////////////////////////////// // Mainloop //////////////////////////////////////////////////////////////////////////////// internal void Run() { try { Console.Write(context); string input; if (activateTabs) { try { input = console.ReadLine(); } catch (InvalidOperationException) { input = Console.ReadLine(); } } else { input = Console.ReadLine(); } IntPtr hToken, tempToken; hToken = tempToken = IntPtr.Zero; bool remote = _GetProcessID(input, out processID, out command); if (!remote) { hProcess = hBackup; kernel32.OpenProcessToken(hProcess, Winnt.TOKEN_ALL_ACCESS, out hToken); if (IntPtr.Zero == hToken) { Console.WriteLine("[-] Opening Process Token Failed, Opening Thread Token"); IntPtr hThread = kernel32.GetCurrentThread(); kernel32.OpenThreadToken(hThread, Winnt.TOKEN_ALL_ACCESS, true, ref hToken); if (IntPtr.Zero == hToken) { Console.WriteLine("[-] Opening Thread Token Failed, Recommend RevertToSelf"); } } } string action = Misc.NextItem(ref input); CommandLineParsing cLP = new CommandLineParsing(); if (!string.Equals(action, input, StringComparison.OrdinalIgnoreCase)) { if (!cLP.Parse(input)) { return; } } switch (action) { case "add_group": _AddGroup(cLP, hToken); break; case "add_privilege": _AddPrivilege(cLP); break; case "bypassuac": _BypassUAC(cLP, hToken); break; case "clear_desktop_acl": _ClearDesktopACL(); break; case "clone_token": _CloneToken(cLP, hToken); break; case "create_token": _CreateToken(cLP, hToken); break; case "delete_driver": _UnInstallDriver(cLP); break; case "detach_filter": Filters.FilterDetach(cLP); break; case "disable_privilege": _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_NONE); break; case "enable_privilege": _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_ENABLED); break; case "exit": Environment.Exit(0); break; case "find_user_processes": _FindUserProcesses(cLP); break; case "find_user_processes_wmi": _FindUserProcessesWMI(cLP); break; case "getinfo": _Info(cLP, hToken); break; case "getsystem": _GetSystem(cLP, hToken); break; case "get_system": _GetSystem(cLP, hToken); break; case "gettrustedinstaller": _GetTrustedInstaller(cLP, hToken); break; case "get_trustedinstaller": _GetTrustedInstaller(cLP, hToken); break; case "help": _Help(input); break; case "history": console.GetHistory(); break; case "info": _Info(cLP, hToken); break; case "install_driver": _InstallDriver(cLP); break; case "list_filters": _ListFilters(); break; case "list_filter_instances": _ListFiltersInstances(cLP); break; case "list_privileges": _ListPrivileges(cLP, hToken); break; case "logon_user": _LogonUser(cLP, hToken); break; case "nuke_privileges": _NukePrivileges(cLP, hToken); break; case "pid": Console.WriteLine("[+] Process ID: {0}", Process.GetCurrentProcess().Id); Console.WriteLine("[+] Parent ID: {0}", Process.GetCurrentProcess().Parent().Id); break; case "remove_privilege": _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_REMOVED); break; case "is_critical_process": _IsCriticalProcess(cLP, hProcess); break; case "set_critical_process": _SetCriticalProcess(cLP, hProcess); break; case "reverttoself": Console.WriteLine(advapi32.RevertToSelf() ? "[*] Reverted token to " + WindowsIdentity.GetCurrent().Name : "[-] RevertToSelf failed"); break; case "run": _Run(cLP); break; case "runas": _RunAsNetOnly(cLP); break; case "runpowershell": _RunPowerShell(cLP); break; case "sample_processes": _SampleProcess(); break; case "sample_processes_wmi": _SampleProcessWMI(); break; case "sessions": UserSessions.EnumerateInteractiveUserSessions(); break; case "start_driver": _StartDriver(cLP); break; case "steal_pipe_token": _StealPipeToken(cLP); break; case "steal_token": _StealToken(cLP, hToken); break; case "tasklist": UserSessions.Tasklist(); break; case "terminate": _Terminate(cLP); break; case "unfreeze_token": _UnfreezeToken(cLP); break; case "uninstall_driver": _UnInstallDriver(cLP); break; case "unload_filter": Filters.Unload(cLP); break; case "whoami": Console.WriteLine("[*] Operating as {0}", WindowsIdentity.GetCurrent().Name); break; default: _Help(input); break; } if (IntPtr.Zero != hToken) { kernel32.CloseHandle(hToken); } } catch (Exception error) { Console.WriteLine(error.ToString()); Misc.GetWin32Error("MainLoop"); } Console.WriteLine(); }