Added
Added the flag --remote-impersonation, which spawns the new process with the main thread impersonating the requested user logon. This can facilitate some integrity level (IL) escape scenarios, e.g. elevation from standard user -> service user.
Added a new check that identifies whether the user logon is limited and suggests potential higher-privileged logon types assigned to the user.
Added a new check for when the requested user logon returns ERROR_LOGON_TYPE_NOT_GRANTED. It now checks whether other logon types are available to the user and prints a message if any are found.
Changed
Improved UAC checks for the token obtained from user authentication. Now checking both TokenElevation and TokenElevationType.
Improved behavior when creating the user profile. Now detecting whether the profile directories have already been created.
Improved error handling by printing the corresponding error message instead of the error code number.
All duplicated tokens have been downgraded from the unnecessary Delegation level to Impersonation.
Huge refactor of the core function "RunAs", now divided into multiple sub-functions to improve readability (RunasRemoteImpersonation, RunasCreateProcessWithLogonW, RunasCreateProcessWithTokenW, RunasCreateProcessAsUserW).
Bugfixes
Fixed a bug in the user profile creation.
Fixed a bug when flushing the console so that output messages are printed properly.
Fixed a bug when enabling all privileges in the new token.
Fixed a bug when checking UAC limitation on Unlock logon types.
Fixed a bug when calling RevertToSelf and the thread was already impersonating.
Fixed a bug by enabling SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege when the calling process has them disabled.