using System;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
namespace TellMeYourSecrets
{
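/// <summary>
/// Reports whether the current Windows identity is SYSTEM or an elevated
/// administrator, and requests a switch to SYSTEM through <c>Tokens</c> when it is not.
/// Output is written through the WriteOutput* helpers, which are not declared in
/// this class (presumably inherited from <c>Base</c>).
/// </summary>
class CheckPrivileges : Base
{
    // Set to true only when the caller was an administrator and the SYSTEM
    // elevation attempt still did not produce a SYSTEM identity.
    public Boolean croak = false;

    ////////////////////////////////////////////////////////////////////////////////
    // Returns true when the current identity is SYSTEM, either already or after
    // Tokens.GetSystem() has run. Returns false when the caller is not an
    // administrator, or when the elevation attempt failed (croak is set then).
    ////////////////////////////////////////////////////////////////////////////////
    public Boolean GetSystem()
    {
        // WindowsIdentity wraps a token handle and is IDisposable; dispose it
        // instead of leaving one undisposed object per GetCurrent() call.
        using (WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent())
        {
            if (currentIdentity.IsSystem)
            {
                WriteOutputGood("Running as SYSTEM");
                return true;
            }

            WriteOutputNeutral("Not running as SYSTEM, checking for Administrator access.");
            WriteOutputNeutral(String.Format("Operating as {0}", currentIdentity.Name));

            if (!CheckAdministrator(currentIdentity))
            {
                return false;
            }

            WriteOutputNeutral("Attempting to elevate to SYSTEM");
            // Tokens is implemented elsewhere in the project; its return value is
            // not used here, so success is judged only by the re-check below.
            new Tokens().GetSystem();

            // A fresh identity is required: the one captured above describes the
            // token as it was before the elevation attempt.
            using (WindowsIdentity identityAfterAttempt = WindowsIdentity.GetCurrent())
            {
                if (!identityAfterAttempt.IsSystem)
                {
                    WriteOutputBad("GetSystem Failed");
                    croak = true;
                    return false;
                }
            }

            WriteOutputGood("Running as SYSTEM");
            WriteOutput(" ");
            return true;
        }
    }

    ////////////////////////////////////////////////////////////////////////////////
    //https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
    //
    // Returns true when the identity is in the built-in Administrators role, or
    // when its token reports TokenElevationTypeFull. Returns false for
    // TokenElevationTypeDefault and TokenElevationTypeLimited. An unrecognised
    // elevation type, or a failed token query, is reported and treated as
    // "try anyway" (true).
    ////////////////////////////////////////////////////////////////////////////////
    public Boolean CheckAdministrator(WindowsIdentity currentIdentity)
    {
        if ((new WindowsPrincipal(currentIdentity)).IsInRole(WindowsBuiltInRole.Administrator))
        {
            WriteOutputGood("Running as Administrator");
            return true;
        }

        IntPtr hToken = currentIdentity.Token;
        Int32 bufferSize = Marshal.SizeOf(typeof(UInt32));
        UInt32 tokenInformationLength = (UInt32)bufferSize;
        IntPtr tokenInformation = Marshal.AllocHGlobal(bufferSize);
        try
        {
            UInt32 returnLength;
            Boolean result = advapi32.GetTokenInformation(
                hToken,
                Enums._TOKEN_INFORMATION_CLASS.TokenElevationType,
                tokenInformation,
                tokenInformationLength,
                out returnLength
            );

            if (!result)
            {
                // The buffer is uninitialised when the call fails, so it must not
                // be read as an elevation type. This takes the same outcome as the
                // unknown-value branch below; GetSystem() re-checks IsSystem after
                // the attempt, so a wrong "true" here is caught there.
                WriteOutputBad("GetTokenInformation failed");
                WriteOutputNeutral("Trying anyway");
                return true;
            }

            switch ((Enums.TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(tokenInformation))
            {
                case Enums.TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault:
                    WriteOutputBad("TokenElevationTypeDefault");
                    WriteOutputNeutral("Token: Not Split");
                    WriteOutputNeutral("ProcessIntegrity: Medium/Low");
                    return false;
                case Enums.TOKEN_ELEVATION_TYPE.TokenElevationTypeFull:
                    WriteOutputGood("TokenElevationTypeFull");
                    WriteOutputNeutral("Token: Split");
                    WriteOutputNeutral("ProcessIntegrity: High");
                    return true;
                case Enums.TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited:
                    WriteOutputNeutral("TokenElevationTypeLimited");
                    WriteOutputNeutral("Token: Split");
                    WriteOutputNeutral("ProcessIntegrity: Medium/Low");
                    WriteOutputNeutral("Hint: Run as Administrator or Bypass UAC");
                    return false;
                default:
                    WriteOutputBad("Unknown integrity");
                    WriteOutputNeutral("Trying anyway");
                    return true;
            }
        }
        finally
        {
            // AllocHGlobal memory is unmanaged; release it on every exit path.
            Marshal.FreeHGlobal(tokenInformation);
        }
    }
}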
}