EnableAllTokenPrivs.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
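namespace EnableAllTokenPrivs
{
    /// <summary>
    /// Command-line entry point that lists, enables or disables privileges in the
    /// access token of a target process. Without <c>--pid</c> the target is the
    /// parent (calling) process.
    /// </summary>
    /// <remarks>
    /// The token work itself is done by the <c>AccessToken</c> helpers and the parent
    /// lookup by <c>ProcessChild</c>; both are defined elsewhere in the project.
    /// Because a run without options changes the caller's token, argument errors must
    /// stop the program rather than fall through to the default action.
    /// For monitoring: Windows can record token privilege adjustments as Security
    /// event 4703 when the corresponding audit subcategory is enabled.
    /// </remarks>
    class EnableAllTokenPrivs
    {
        [DllImport("kernel32.dll", SetLastError = true)]
        internal static extern IntPtr OpenProcess(uint DesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
        internal static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, ref IntPtr TokenHandle);

        // Minimal process access right requested by the OpenProcess fallback in Main.
        private const UInt32 PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

        /// <summary>Writes the option summary to standard output.</summary>
        private static void printUsage()
        {
            Console.Write(
                "EnableAllTokenPrivs.exe -> Enable/Disable TokenPrivilege(s)\n" +
                "By default, this program will enable all disabled TokenPrivileges of the parent / calling process\n" +
                "Options:\n" +
                "-p --pid 6969".PadRight(40) + "enable/disable privilege(s) of a process\n" +
                "-d --disable".PadRight(40) + "disable privilege(s)\n" +
                "-P --privilege SeDebugPrivilege".PadRight(40) + "enable/disable only one specific privilege\n" +
                "-l --list".PadRight(40) + "list privileges\n" +
                "-h --help".PadRight(40) + "print help (this output)\n"
            );
        }

        /// <summary>
        /// Parses the command line, opens the target process token and lists or
        /// adjusts its privileges.
        /// </summary>
        /// <param name="args">Command-line arguments; see <see cref="printUsage"/>.</param>
        /// <exception cref="InvalidOperationException">
        /// OpenProcess or OpenProcessToken failed; the message carries the Win32 error code.
        /// </exception>
        public static void Main(string[] args)
        {
            bool disable = false;
            int processId = -1; // -1 is the "no --pid given" sentinel: act on the parent process
            string privilege = "";
            bool listPrivs = false;

            try
            {
                for (int ctr = 0; ctr < args.Length; ctr++)
                {
                    switch (args[ctr])
                    {
                        case "-h":
                        case "--help":
                            printUsage();
                            return;
                        case "-p":
                        case "--pid":
                            processId = int.Parse(args[++ctr]);
                            // A negative value would collide with the sentinel and
                            // silently retarget the parent process.
                            if (processId < 0)
                            {
                                throw new ArgumentException("Process id must not be negative.");
                            }
                            break;
                        case "-d":
                        case "--disable":
                            disable = true;
                            break;
                        case "-P":
                        case "--privilege":
                            privilege = args[++ctr];
                            // An empty name would otherwise be read as "all privileges".
                            if (privilege.Length == 0)
                            {
                                throw new ArgumentException("Privilege name must not be empty.");
                            }
                            break;
                        case "-l":
                        case "--list":
                            listPrivs = true;
                            break;
                        default:
                            // Fail closed: a mistyped option (e.g. a misspelled --list)
                            // must not end in the state-changing default action.
                            throw new ArgumentException("Unknown argument: " + args[ctr]);
                    }
                }
            }
            catch (IndexOutOfRangeException)
            {
                // An option that needs a value was the last argument.
                Console.Error.WriteLine("[-] Invalid arguments. Use --help for additional help.");
                Environment.ExitCode = 1;
                return;
            }
            catch (Exception ex)
            {
                Console.Error.WriteLine($"[-] {ex.Message}");
                Environment.ExitCode = 1;
                return;
            }

            IntPtr hProcess;
            if (processId == -1)
            {
                hProcess = ProcessChild.GetParentProcess().Handle;
            }
            else
            {
                try
                {
                    hProcess = Process.GetProcessById(processId).Handle;
                }
                catch
                {
                    // Process.Handle could not be obtained; retry with the narrowest
                    // access right declared above.
                    hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, processId);

                    // OpenProcess reports failure with a NULL handle. The previous
                    // hProcess.Equals(-1) compared an IntPtr with a boxed int and was
                    // therefore always false, so failures went unnoticed.
                    if (hProcess == IntPtr.Zero)
                    {
                        throw new InvalidOperationException("OpenProcess failed. Error: " + Marshal.GetLastWin32Error());
                    }
                }
            }

            // NOTE(review): hProcess/hToken are never closed here; the process exits
            // right after use. Whether the AccessToken helpers close hToken is not
            // visible from this file — confirm before adding CloseHandle.
            IntPtr hToken = IntPtr.Zero;

            if (listPrivs)
            {
                // Listing needs read access only, so TOKEN_ADJUST_PRIVILEGES is not requested.
                if (!OpenProcessToken(hProcess, AccessToken.TOKEN_QUERY, ref hToken))
                {
                    throw new InvalidOperationException("OpenProcessToken failed. Error: " + Marshal.GetLastWin32Error());
                }

                AccessToken.TOKEN_PRIVILEGES tokenPrivileges = AccessToken.GetTokenPrivileges(hToken);
                AccessToken.PrintTokenPrivileges(tokenPrivileges);
                return;
            }

            if (!OpenProcessToken(hProcess, AccessToken.TOKEN_ADJUST_PRIVILEGES | AccessToken.TOKEN_QUERY, ref hToken))
            {
                throw new InvalidOperationException("OpenProcessToken failed. Error: " + Marshal.GetLastWin32Error());
            }

            if (privilege.Length > 0)
            {
                AccessToken.SetTokenPrivilege(hToken, disable, privilege);
            }
            else
            {
                AccessToken.SetAllTokenPrivileges(hToken, disable);
            }
        }
    }
}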
// Sliver has this functionality too, but it does not expose an interface that lets the operator enable/disable privileges.
// https://github.com/BishopFox/sliver/blob/master/implant/sliver/priv/priv_windows.go