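        ////////////////////////////////////////////////////////////////////////////////
        // Mainloop
        ////////////////////////////////////////////////////////////////////////////////
        /// <summary>
        /// Runs one iteration of the interactive loop: prints the prompt, reads a line,
        /// lets <c>_GetProcessID</c> pick the target process, opens a token handle for
        /// the local case, and dispatches the first word of the line to its handler.
        /// </summary>
        /// <remarks>
        /// The token handle is released in a <c>finally</c> block so it is not leaked
        /// when argument parsing fails (early return) or when a handler throws.
        /// Any exception is written to the console rather than propagated, and the
        /// method always ends by printing an empty line.
        /// </remarks>
        internal void Run()
        {
            // Declared outside the try so the finally block can release it on every exit path.
            IntPtr hToken = IntPtr.Zero;
            try
            {
                Console.Write(context);

                // With tab completion active, read through the custom console; it throws
                // InvalidOperationException when it cannot take over the input, in which
                // case fall back to the plain console reader.
                string input;
                if (activateTabs)
                {
                    try
                    {
                        input = console.ReadLine();
                    }
                    catch (InvalidOperationException)
                    {
                        input = Console.ReadLine();
                    }
                }
                else
                {
                    input = Console.ReadLine();
                }

                // _GetProcessID fills processID / command and reports whether a remote
                // process was selected. For the local case, restore the saved process
                // handle and open its token; if that fails, try the current thread token.
                bool remote = _GetProcessID(input, out processID, out command);
                if (!remote)
                {
                    hProcess = hBackup;
                    kernel32.OpenProcessToken(hProcess, Winnt.TOKEN_ALL_ACCESS, out hToken);
                    if (IntPtr.Zero == hToken)
                    {
                        Console.WriteLine("[-] Opening Process Token Failed, Opening Thread Token");
                        IntPtr hThread = kernel32.GetCurrentThread();
                        kernel32.OpenThreadToken(hThread, Winnt.TOKEN_ALL_ACCESS, true, ref hToken);
                        if (IntPtr.Zero == hToken)
                        {
                            Console.WriteLine("[-] Opening Thread Token Failed, Recommend RevertToSelf");
                        }
                    }
                }

                // First word is the command; whatever remains in input is its argument string.
                // When nothing remains, NextItem leaves input equal to action and no parsing is needed.
                string             action = Misc.NextItem(ref input);
                CommandLineParsing cLP    = new CommandLineParsing();
                if (!string.Equals(action, input, StringComparison.OrdinalIgnoreCase))
                {
                    if (!cLP.Parse(input))
                    {
                        // Bad arguments: abandon this iteration. The finally block still closes hToken.
                        return;
                    }
                }

                switch (action)
                {
                case "add_group":
                    _AddGroup(cLP, hToken);
                    break;

                case "add_privilege":
                    _AddPrivilege(cLP);
                    break;

                case "bypassuac":
                    _BypassUAC(cLP, hToken);
                    break;

                case "clear_desktop_acl":
                    _ClearDesktopACL();
                    break;

                case "clone_token":
                    _CloneToken(cLP, hToken);
                    break;

                case "create_token":
                    _CreateToken(cLP, hToken);
                    break;

                // Both spellings are accepted.
                case "delete_driver":
                case "uninstall_driver":
                    _UnInstallDriver(cLP);
                    break;

                case "detach_filter":
                    Filters.FilterDetach(cLP);
                    break;

                case "disable_privilege":
                    _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_NONE);
                    break;

                case "enable_privilege":
                    _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_ENABLED);
                    break;

                case "exit":
                    // Terminates the process; the finally block below does not run in this case.
                    Environment.Exit(0);
                    break;

                case "find_user_processes":
                    _FindUserProcesses(cLP);
                    break;

                case "find_user_processes_wmi":
                    _FindUserProcessesWMI(cLP);
                    break;

                // Both spellings are accepted.
                case "getinfo":
                case "info":
                    _Info(cLP, hToken);
                    break;

                // Both spellings are accepted.
                case "getsystem":
                case "get_system":
                    _GetSystem(cLP, hToken);
                    break;

                // Both spellings are accepted.
                case "gettrustedinstaller":
                case "get_trustedinstaller":
                    _GetTrustedInstaller(cLP, hToken);
                    break;

                case "help":
                    _Help(input);
                    break;

                case "history":
                    console.GetHistory();
                    break;

                case "install_driver":
                    _InstallDriver(cLP);
                    break;

                case "list_filters":
                    _ListFilters();
                    break;

                case "list_filter_instances":
                    _ListFiltersInstances(cLP);
                    break;

                case "list_privileges":
                    _ListPrivileges(cLP, hToken);
                    break;

                case "logon_user":
                    _LogonUser(cLP, hToken);
                    break;

                case "nuke_privileges":
                    _NukePrivileges(cLP, hToken);
                    break;

                case "pid":
                    // Look the current process up once for both lines of output.
                    Process current = Process.GetCurrentProcess();
                    Console.WriteLine("[+] Process ID: {0}", current.Id);
                    Console.WriteLine("[+] Parent ID:  {0}", current.Parent().Id);
                    break;

                case "remove_privilege":
                    _AlterPrivilege(cLP, hToken, Winnt.TokenPrivileges.SE_PRIVILEGE_REMOVED);
                    break;

                case "is_critical_process":
                    _IsCriticalProcess(cLP, hProcess);
                    break;

                case "set_critical_process":
                    _SetCriticalProcess(cLP, hProcess);
                    break;

                case "reverttoself":
                    Console.WriteLine(advapi32.RevertToSelf() ? "[*] Reverted token to " + WindowsIdentity.GetCurrent().Name : "[-] RevertToSelf failed");
                    break;

                case "run":
                    _Run(cLP);
                    break;

                case "runas":
                    _RunAsNetOnly(cLP);
                    break;

                case "runpowershell":
                    _RunPowerShell(cLP);
                    break;

                case "sample_processes":
                    _SampleProcess();
                    break;

                case "sample_processes_wmi":
                    _SampleProcessWMI();
                    break;

                case "sessions":
                    UserSessions.EnumerateInteractiveUserSessions();
                    break;

                case "start_driver":
                    _StartDriver(cLP);
                    break;

                case "steal_pipe_token":
                    _StealPipeToken(cLP);
                    break;

                case "steal_token":
                    _StealToken(cLP, hToken);
                    break;

                case "tasklist":
                    UserSessions.Tasklist();
                    break;

                case "terminate":
                    _Terminate(cLP);
                    break;

                case "unfreeze_token":
                    _UnfreezeToken(cLP);
                    break;

                case "unload_filter":
                    Filters.Unload(cLP);
                    break;

                case "whoami":
                    Console.WriteLine("[*] Operating as {0}", WindowsIdentity.GetCurrent().Name);
                    break;

                default:
                    // Unknown command: show the help text for whatever was typed.
                    _Help(input);
                    break;
                }
            }
            catch (Exception error)
            {
                // Report and continue; one failing command must not end the loop.
                Console.WriteLine(error.ToString());
                Misc.GetWin32Error("MainLoop");
            }
            finally
            {
                // Close the token handle on normal completion, early return and exceptions alike.
                if (IntPtr.Zero != hToken)
                {
                    kernel32.CloseHandle(hToken);
                }
            }
            Console.WriteLine();
        }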