wintoken

Version: v0.1.0
Published: Mar 24, 2024 License: MIT Imports: 5 Imported by: 0

README

wintoken

Windows Token Manipulation in Go

wintoken wraps the Windows token manipulation APIs in higher-level functions you are more likely to use. The library exposes easy-to-use functions to steal tokens, enable/disable privileges, and grab interactive and linked tokens.

Read more here: Manipulating Windows Tokens With Go

Install

  • Go
    • Requires Go to be installed on the system. Tested on Go 1.16+.
    • go get github.com/jetrmm/go-wintoken

Usage

  • To steal a token from a process, call OpenProcessToken with the PID and the type of token that you want:
package main

import (
	"os/exec"
	"syscall"

	"github.com/jetrmm/go-wintoken"
)

func main() {
	token, err := wintoken.OpenProcessToken(1234, wintoken.TokenPrimary) //pass 0 for own process
	if err != nil {
		panic(err)
	}
	defer token.Close()

	//Now you can use the token anywhere you would like
	cmd := exec.Command("/path/to/binary")
	cmd.SysProcAttr = &syscall.SysProcAttr{Token: syscall.Token(token.Token())}
}
  • If you want the elevated interactive token for the currently logged-in user, call GetInteractiveToken with TokenLinked as the parameter:
package main

import (
	"os/exec"
	"syscall"

	"github.com/jetrmm/go-wintoken"
)

func main() {
	//You can get an interactive token(if you are running as a service)
	//and specify that you want the linked token(elevated) in the same line
	token, err := wintoken.GetInteractiveToken(wintoken.TokenLinked)
	if err != nil {
		panic(err)
	}
	defer token.Close()

	//Now you can use the token anywhere you would like
	cmd := exec.Command("/path/to/binary")
	cmd.SysProcAttr = &syscall.SysProcAttr{Token: syscall.Token(token.Token())}
}
  • Once you have a token, you can query information from it, such as its privileges, integrity level, and associated user details:
package main

import (
	"fmt"

	"github.com/jetrmm/go-wintoken"
)

func main() {
	token, err := wintoken.OpenProcessToken(1234, wintoken.TokenPrimary)
	if err != nil {
		panic(err)
	}
	defer token.Close()

	fmt.Println(token.GetPrivileges())
	fmt.Println(token.GetIntegrityLevel())
	fmt.Println(token.UserDetails())
}
  • You can enable, disable, and remove privileges in a simple manner:
package main

import (
	"github.com/jetrmm/go-wintoken"
)

func main() {
	token, err := wintoken.OpenProcessToken(1234, wintoken.TokenPrimary)
	if err != nil {
		panic(err)
	}
	defer token.Close()

	//Enable, Disable, or Remove privileges in one line; each call returns an error
	if err := token.EnableAllPrivileges(); err != nil {
		panic(err)
	}
	if err := token.DisableTokenPrivileges([]string{"SeShutdownPrivilege", "SeTimeZonePrivilege"}); err != nil {
		panic(err)
	}
	if err := token.RemoveTokenPrivilege("SeUndockPrivilege"); err != nil {
		panic(err)
	}
}
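
A least-privilege check built on the Privilege fields this package documents, as an added example (not code from the wintoken project): it works out which privileges a service should pass to RemoveTokenPrivileges on its own token (PID 0). The local Privilege struct, PlanDrop and the highImpact selection are assumptions of this example, and the sample data is constructed.

```go
package main

import "fmt"

// Privilege mirrors the wintoken.Privilege fields this example uses.
type Privilege struct {
	Name             string
	Enabled, Removed bool
}

// highImpact is this example's own pick of privileges that bypass access checks.
var highImpact = map[string]bool{
	"SeDebugPrivilege": true, "SeImpersonatePrivilege": true, "SeTcbPrivilege": true,
	"SeAssignPrimaryTokenPrivilege": true, "SeLoadDriverPrivilege": true,
	"SeBackupPrivilege": true, "SeRestorePrivilege": true, "SeTakeOwnershipPrivilege": true,
}

// PlanDrop returns what to remove (held but not needed, even if disabled),
// the high-impact subset of that, and needed privileges the token lacks.
func PlanDrop(held []Privilege, needed []string) (remove, risky, missing []string) {
	need, have := map[string]bool{}, map[string]bool{}
	for _, n := range needed {
		need[n] = true
	}
	for _, p := range held {
		if p.Removed {
			continue // already removed from this token
		}
		have[p.Name] = true
		if !need[p.Name] {
			remove = append(remove, p.Name)
			if highImpact[p.Name] {
				risky = append(risky, p.Name)
			}
		}
	}
	for _, n := range needed {
		if !have[n] {
			missing = append(missing, n)
		}
	}
	return remove, risky, missing
}

func main() {
	// Constructed sample, shaped like the result of token.GetPrivileges().
	held := []Privilege{{"SeChangeNotifyPrivilege", true, false}, {"SeDebugPrivilege", false, false}, {"SeUndockPrivilege", false, true}}
	fmt.Println(PlanDrop(held, []string{"SeChangeNotifyPrivilege"}))
}
```

A disabled privilege can be enabled again by any code running under the token, which is why the plan removes it rather than leaving it disabled. A removed privilege cannot be restored on that token, so review the missing list before removing anything.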

Documentation

Constants

const (
	PrivDisable privModType = iota
	PrivEnable
	PrivRemove
)
const (
	TokenPrimary tokenType
	TokenImpersonation
	TokenLinked
)
const (
	WTS_CURRENT_SERVER_HANDLE windows.Handle = 0
)

Variables

var (
	ErrNoActiveSession                      error = fmt.Errorf("no active session found")
	ErrInvalidDuplicatedToken               error = fmt.Errorf("invalid duplicated token")
	ErrOnlyPrimaryImpersonationTokenAllowed error = fmt.Errorf("only primary or impersonation token types allowed")
	ErrNoPrivilegesSpecified                error = fmt.Errorf("no privileges specified")
	ErrTokenClosed                          error = fmt.Errorf("token has been closed")
)

Functions

This section is empty.

Types

type Privilege

type Privilege struct {
	Name             string
	Description      string
	Enabled          bool
	EnabledByDefault bool
	Removed          bool
	UsedForAccess    bool
}

Privilege is the structure that exposes privilege details. The details are Name, Description, Enabled, EnabledByDefault, Removed, and UsedForAccess.

func (Privilege) String

func (p Privilege) String() string

type Token

type Token struct {
	// contains filtered or unexported fields
}

func GetInteractiveToken

func GetInteractiveToken(tokenType tokenType) (*Token, error)

GetInteractiveToken gets the interactive token associated with the currently logged-in user. It uses the Windows APIs WTSEnumerateSessions, WTSQueryUserToken and DuplicateTokenEx to return a valid wintoken.

func NewToken

func NewToken(token windows.Token, typ tokenType) *Token

NewToken can be used to supply your own token for the wintoken struct so you can use the same flexibility provided by the package.

func OpenProcessToken

func OpenProcessToken(pid int, tokenType tokenType) (*Token, error)

OpenProcessToken opens a process token using a PID; pass 0 as the PID to open the current process's own token.

func (*Token) Close

func (t *Token) Close()

Close closes the underlying token

func (*Token) DisableAllPrivileges

func (t *Token) DisableAllPrivileges() error

DisableAllPrivileges disables all privileges in the token

func (*Token) DisableTokenPrivilege

func (t *Token) DisableTokenPrivilege(priv string) error

DisableTokenPrivilege disables token privileges by privilege name

func (*Token) DisableTokenPrivileges

func (t *Token) DisableTokenPrivileges(privs []string) error

DisableTokenPrivileges disables token privileges by list of privilege names

func (*Token) EnableAllPrivileges

func (t *Token) EnableAllPrivileges() error

EnableAllPrivileges enables all privileges in the token

func (*Token) EnableTokenPrivilege

func (t *Token) EnableTokenPrivilege(priv string) error

EnableTokenPrivilege enables a token privilege by privilege name

func (*Token) EnableTokenPrivileges

func (t *Token) EnableTokenPrivileges(privs []string) error

EnableTokenPrivileges enables token privileges by list of privilege names

func (*Token) GetIntegrityLevel

func (t *Token) GetIntegrityLevel() (string, error)

GetIntegrityLevel is used to get integrity level of the token

func (*Token) GetLinkedToken

func (t *Token) GetLinkedToken() (*Token, error)

GetLinkedToken is used to get the linked token if any

func (*Token) GetPrivileges

func (t *Token) GetPrivileges() ([]Privilege, error)

GetPrivileges lists all Privileges from the token

func (*Token) RemoveAllPrivileges

func (t *Token) RemoveAllPrivileges() error

RemoveAllPrivileges removes all privileges from the token

func (*Token) RemoveTokenPrivilege

func (t *Token) RemoveTokenPrivilege(priv string) error

RemoveTokenPrivilege removes token privileges by privilege name

func (*Token) RemoveTokenPrivileges

func (t *Token) RemoveTokenPrivileges(privs []string) error

RemoveTokenPrivileges removes token privileges by list of privilege names

func (*Token) Token

func (t *Token) Token() windows.Token

Token returns the underlying token for use

func (*Token) UserDetails

func (t *Token) UserDetails() (TokenUserDetail, error)

UserDetails gets User details associated with token

type TokenUserDetail

type TokenUserDetail struct {
	Username       string
	Domain         string
	AccountType    uint32
	UserProfileDir string
	Environ        []string
}

TokenUserDetail is the structure that exposes token details. The details are Username, Domain, Account Type, User Profile Directory, and Environment.

func (TokenUserDetail) String

func (t TokenUserDetail) String() string
