Documentation
Index
- Constants
- func DebugPriv() error
- func DemoteProcess(pid int) (err error)
- func GetTokenPrivileges(tokenH windows.Token) (tokenPrivileges windows.Tokenprivileges, err error)
- func InNewProcess(pid int, cmd string, hidden bool) error
- func OnThread(pid int) error
- func RemoveTokenPrivileges(tokenH windows.Token) (err error)
- func SePrivEnable(privString string) (err error)
- func SetTokenLabel(tokenH windows.Token, label string) (err error)
- func TokenOwner(hToken windows.Token) (string, error)
- func TokenOwnerFromPid(pid int) (string, error)
Constants
const (
	OpenProcTokenPerms uint32 = windows.TOKEN_READ | windows.TOKEN_DUPLICATE | windows.TOKEN_IMPERSONATE
	TokenDupPerms uint32 = windows.TOKEN_QUERY | windows.TOKEN_DUPLICATE | windows.TOKEN_ASSIGN_PRIMARY | windows.TOKEN_ADJUST_DEFAULT | windows.TOKEN_ADJUST_SESSIONID
	MLUntrusted = "S-1-16-0"
)
Variables
This section is empty.
Functions
func DemoteProcess
func DemoteProcess(pid int) (err error)
DemoteProcess sets SE_PRIVILEGE_REMOVED on every privilege LUID in the token of the given process, then sets the token's integrity label to Untrusted (MLUntrusted, S-1-16-0).
func GetTokenPrivileges
func GetTokenPrivileges(tokenH windows.Token) (tokenPrivileges windows.Tokenprivileges, err error)
GetTokenPrivileges retrieves the token's privilege information and parses it into a windows.Tokenprivileges struct. An error is returned if the initial token information cannot be retrieved.
func InNewProcess
func InNewProcess(pid int, cmd string, hidden bool) error
InNewProcess duplicates the token of the given PID and starts a new process running the given command, using the Win32 DuplicateTokenEx and CreateProcessWithTokenW APIs.
func OnThread
func OnThread(pid int) error
OnThread steals a token from the given process. The target may belong to any user, not just SYSTEM. The token is applied to the current thread until RevertToSelf is called or the thread exits. Only certain processes can have their SYSTEM token stolen: the caller must have TOKEN_OWNER in the DACL of the SYSTEM process in order to steal it.
func RemoveTokenPrivileges
func RemoveTokenPrivileges(tokenH windows.Token) (err error)
RemoveTokenPrivileges fetches the privileges of a token and revokes them by applying the SE_PRIVILEGE_REMOVED attribute to each one.
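The buffer layout that GetTokenPrivileges parses and the attribute that RemoveTokenPrivileges (and so DemoteProcess) applies, as an added example that is not part of this package: it decodes a constructed TOKEN_PRIVILEGES buffer in pure Go, without the windows package, so it runs on any platform, and builds the SE_PRIVILEGE_REMOVED entries that AdjustTokenPrivileges would be handed. The type and function names are hypothetical; the structure layout and attribute values are those of winnt.h.

```go
package main
import (
	"encoding/binary"
	"errors"
)
// Privilege attribute bits from winnt.h; the values are fixed by the Win32 ABI.
const SE_PRIVILEGE_ENABLED_BY_DEFAULT, SE_PRIVILEGE_ENABLED, SE_PRIVILEGE_REMOVED uint32 = 0x1, 0x2, 0x4

// LUIDAndAttributes mirrors LUID_AND_ATTRIBUTES: a 64-bit LUID followed by 32-bit attributes.
type LUIDAndAttributes struct {
	LUIDLow  uint32
	LUIDHigh int32
	Attrs    uint32
}

// ParseTokenPrivileges decodes the little-endian buffer GetTokenInformation(TokenPrivileges)
// fills: a DWORD PrivilegeCount followed by that many 12-byte LUID_AND_ATTRIBUTES entries.
func ParseTokenPrivileges(buf []byte) ([]LUIDAndAttributes, error) {
	if len(buf) < 4 {
		return nil, errors.New("buffer shorter than PrivilegeCount")
	}
	n := binary.LittleEndian.Uint32(buf)
	if uint64(len(buf)-4) < uint64(n)*12 {
		return nil, errors.New("PrivilegeCount does not fit in buffer")
	}
	privs := make([]LUIDAndAttributes, n)
	for i := range privs {
		e := buf[4+i*12:]
		privs[i] = LUIDAndAttributes{binary.LittleEndian.Uint32(e), int32(binary.LittleEndian.Uint32(e[4:])), binary.LittleEndian.Uint32(e[8:])}
	}
	return privs, nil
}

// DemotePrivileges returns the entries AdjustTokenPrivileges needs to revoke every privilege:
// same LUIDs, attributes replaced by SE_PRIVILEGE_REMOVED, which unlike "disabled" is permanent.
func DemotePrivileges(privs []LUIDAndAttributes) []LUIDAndAttributes {
	out := make([]LUIDAndAttributes, len(privs))
	for i, p := range privs {
		out[i] = LUIDAndAttributes{LUIDLow: p.LUIDLow, LUIDHigh: p.LUIDHigh, Attrs: SE_PRIVILEGE_REMOVED}
	}
	return out
}
// sampleTokenPrivileges is a constructed buffer, not captured from a real token:
// two privileges, LUID 0x14 enabled and LUID 0x17 enabled-by-default only.
var sampleTokenPrivileges = []byte{
	2, 0, 0, 0,
	0x14, 0, 0, 0, 0, 0, 0, 0, 0x02, 0, 0, 0,
	0x17, 0, 0, 0, 0, 0, 0, 0, 0x01, 0, 0, 0,
}
```

On Windows the same entries would be passed to AdjustTokenPrivileges on a handle opened with TOKEN_ADJUST_PRIVILEGES; the decoder above is what lets a defender audit which privileges a token still carries before and after demotion.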
func SePrivEnable
func SePrivEnable(privString string) (err error)
SePrivEnable takes a privilege name and enables it.
func SetTokenLabel
func SetTokenLabel(tokenH windows.Token, label string) (err error)
SetTokenLabel sets the integrity label of the given token to label.
func TokenOwner
func TokenOwner(hToken windows.Token) (string, error)
TokenOwner resolves the owner of the primary or thread token behind the given handle.
func TokenOwnerFromPid
func TokenOwnerFromPid(pid int) (string, error)
TokenOwnerFromPid resolves the owner of the primary or thread token of the given PID.
Types
This section is empty.