示例#1
        ////////////////////////////////////////////////////////////////////////////////
        // Sets a Token to have a specified privilege
        // http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/
        // https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege
        ////////////////////////////////////////////////////////////////////////////////
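        /// <summary>
        /// Enables or disables one named privilege on the supplied token using the two-pass
        /// AdjustTokenPrivileges pattern from the Microsoft KB article referenced above,
        /// writing progress and the outcome to the console.
        /// </summary>
        /// <param name="hToken">Handle of the token to adjust. The Win32 API needs TOKEN_ADJUST_PRIVILEGES
        /// access, plus TOKEN_QUERY because a previous-state buffer is requested; how the caller opened
        /// the handle is not visible here.</param>
        /// <param name="privilege">Privilege name resolved through LookupPrivilegeValue on the local system.</param>
        /// <param name="bEnable">True to set SE_PRIVILEGE_ENABLED, false to clear it.</param>
        /// <remarks>
        /// AdjustTokenPrivileges can only toggle privileges the token already holds. When it does not hold
        /// the privilege the API still returns TRUE and reports ERROR_NOT_ALL_ASSIGNED through the last-error
        /// value, so the return value alone must not be treated as success. For monitoring: Windows can record
        /// such changes as Security event 4703 when "Audit Authorization Policy Change" is enabled.
        /// </remarks>
        public static void SetTokenPrivilege(ref IntPtr hToken, String privilege, Boolean bEnable)
        {
            // Last-error value set by AdjustTokenPrivileges when the call "succeeds" but the token
            // does not hold one of the requested privileges.
            const Int32 ERROR_NOT_ALL_ASSIGNED = 1300;

            Console.WriteLine("[*] Adjusting Token Privilege");

            // Resolve the privilege name to its locally unique identifier (null = local system).
            Structs._LUID luid = new Structs._LUID();
            if (!advapi32.LookupPrivilegeValue(null, privilege, ref luid))
            {
                GetError("LookupPrivilegeValue");
                return;
            }
            Console.WriteLine(" [+] Recieved luid");

            // Pass 1: request the privilege with no attributes so the API hands back the
            // previous state of that privilege in previousState.
            Structs._LUID_AND_ATTRIBUTES luidAndAttributes = new Structs._LUID_AND_ATTRIBUTES();
            luidAndAttributes.Luid       = luid;
            luidAndAttributes.Attributes = 0;

            Structs._TOKEN_PRIVILEGES newState = new Structs._TOKEN_PRIVILEGES();
            newState.PrivilegeCount = 1;
            newState.Privileges     = luidAndAttributes;

            Structs._TOKEN_PRIVILEGES previousState = new Structs._TOKEN_PRIVILEGES();
            UInt32 returnLength = 0;

            Console.WriteLine(" [+] AdjustTokenPrivilege Pass 1");
            Boolean adjusted = advapi32.AdjustTokenPrivileges(hToken, false, ref newState, (UInt32)Marshal.SizeOf(newState), ref previousState, out returnLength);
            // Read the last-error value straight away, before any other call can overwrite it.
            // NOTE(review): assumes the P/Invoke declaration uses SetLastError = true - confirm.
            Int32 lastError = Marshal.GetLastWin32Error();
            if (!adjusted)
            {
                GetError("AdjustTokenPrivileges - 1");
                return;
            }
            if (lastError == ERROR_NOT_ALL_ASSIGNED)
            {
                Console.WriteLine(" [-] Privilege not held by token: " + privilege);
                return;
            }

            // Pass 2: build the desired state on top of the previous one. When pass 1 changed
            // nothing (the privilege was already disabled) the API reports zero modified entries
            // and leaves the LUID in previousState unset, so it has to be filled in explicitly;
            // otherwise pass 2 would target an all-zero LUID and silently adjust nothing.
            previousState.PrivilegeCount  = 1;
            previousState.Privileges.Luid = luid;
            if (bEnable)
            {
                previousState.Privileges.Attributes |= Constants.SE_PRIVILEGE_ENABLED;
            }
            else
            {
                // Clears only the ENABLED bit, leaving any other attribute bits as they were.
                previousState.Privileges.Attributes ^= (Constants.SE_PRIVILEGE_ENABLED & previousState.Privileges.Attributes);
            }

            // Scratch buffer for the previous-state output of pass 2; its contents are not used.
            Structs._TOKEN_PRIVILEGES kluge = new Structs._TOKEN_PRIVILEGES();
            Console.WriteLine(" [+] AdjustTokenPrivilege Pass 2");
            adjusted = advapi32.AdjustTokenPrivileges(hToken, false, ref previousState, (UInt32)Marshal.SizeOf(previousState), ref kluge, out returnLength);
            lastError = Marshal.GetLastWin32Error();
            if (!adjusted)
            {
                GetError("AdjustTokenPrivileges - 2");
                return;
            }
            if (lastError == ERROR_NOT_ALL_ASSIGNED)
            {
                Console.WriteLine(" [-] Privilege not held by token: " + privilege);
                return;
            }

            Console.WriteLine(" [+] Adjusted Token to: " + privilege);
        }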
示例#2
        ////////////////////////////////////////////////////////////////////////////////
        // Sets a Token to have a specified privilege
        // http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/
        // https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege
        ////////////////////////////////////////////////////////////////////////////////
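        /// <summary>
        /// Enables one named privilege on the supplied token with a single AdjustTokenPrivileges call,
        /// writing progress and the outcome to the console.
        /// </summary>
        /// <param name="hToken">Handle of the token to adjust. The Win32 API needs TOKEN_ADJUST_PRIVILEGES
        /// access, plus TOKEN_QUERY because a previous-state buffer is requested; how the caller opened
        /// the handle is not visible here.</param>
        /// <param name="privilege">Privilege name; rejected unless it appears in validPrivileges, then
        /// resolved through LookupPrivilegeValue on the local system.</param>
        /// <remarks>
        /// AdjustTokenPrivileges can only enable privileges the token already holds. When it does not hold
        /// the privilege the API still returns TRUE and reports ERROR_NOT_ALL_ASSIGNED through the last-error
        /// value, so the return value alone must not be treated as success. For monitoring: Windows can record
        /// such changes as Security event 4703 when "Audit Authorization Policy Change" is enabled.
        /// </remarks>
        public static void SetTokenPrivilege(ref IntPtr hToken, String privilege)
        {
            // Last-error value set by AdjustTokenPrivileges when the call "succeeds" but the token
            // does not hold one of the requested privileges.
            const Int32 ERROR_NOT_ALL_ASSIGNED = 1300;

            // Only names on the known-privilege list are passed on to the Win32 API.
            if (!validPrivileges.Contains(privilege))
            {
                Console.WriteLine("[-] Invalid Privilege Specified");
                return;
            }
            Console.WriteLine("[*] Adjusting Token Privilege");

            // Resolve the privilege name to its locally unique identifier (null = local system).
            Structs._LUID luid = new Structs._LUID();
            if (!advapi32.LookupPrivilegeValue(null, privilege, ref luid))
            {
                GetError("LookupPrivilegeValue");
                return;
            }
            Console.WriteLine(" [+] Received luid");

            // Describe the requested state: exactly one privilege, marked enabled.
            Structs._LUID_AND_ATTRIBUTES luidAndAttributes = new Structs._LUID_AND_ATTRIBUTES();
            luidAndAttributes.Luid       = luid;
            luidAndAttributes.Attributes = Constants.SE_PRIVILEGE_ENABLED;

            Structs._TOKEN_PRIVILEGES newState = new Structs._TOKEN_PRIVILEGES();
            newState.PrivilegeCount = 1;
            newState.Privileges     = luidAndAttributes;

            // Output buffers required by the call; their contents are not used afterwards.
            Structs._TOKEN_PRIVILEGES previousState = new Structs._TOKEN_PRIVILEGES();
            UInt32 returnLength = 0;

            Console.WriteLine(" [*] AdjustTokenPrivilege");
            Boolean adjusted = advapi32.AdjustTokenPrivileges(hToken, false, ref newState, (UInt32)Marshal.SizeOf(newState), ref previousState, out returnLength);
            // Read the last-error value straight away, before any other call can overwrite it.
            // NOTE(review): assumes the P/Invoke declaration uses SetLastError = true - confirm.
            Int32 lastError = Marshal.GetLastWin32Error();
            if (!adjusted)
            {
                GetError("AdjustTokenPrivileges");
                return;
            }
            if (lastError == ERROR_NOT_ALL_ASSIGNED)
            {
                // The call returned TRUE but nothing was enabled; do not report success.
                Console.WriteLine(" [-] Privilege not held by token: " + privilege);
                return;
            }

            Console.WriteLine(" [+] Adjusted Token to: " + privilege);
        }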