Created
February 2, 2009 02:43
win32 security testing in python
import win32api | |
import win32security | |
import win32process | |
import pywintypes | |
def attempt_to_logon():
    """Try an interactive logon and return the resulting token handle.

    Calls win32security.LogonUser with the hard-coded test account below,
    no domain (None), logon type LOGON32_LOGON_INTERACTIVE and the default
    logon provider. Returns the handle from LogonUser, or None after
    printing "unable to logon" when win32security.error is raised.
    """
    # Throwaway test values; real credentials do not belong in source code.
    username = "junk"
    password = "junk"
    try:
        token = win32security.LogonUser(
            username,
            None,  # domain
            password,
            win32security.LOGON32_LOGON_INTERACTIVE,
            win32security.LOGON32_PROVIDER_DEFAULT,
        )
    except win32security.error:
        # The Win32 error code is discarded here; the caller only sees None
        # and must check for it before using the result as a token.
        print("unable to logon")
        token = None
    return token
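def run_as_user(hUser):
    """Start notepad.exe under the security context of the token *hUser*.

    hUser is the token handle handed to CreateProcessAsUser (in this script,
    the value returned by attempt_to_logon). On success the value returned
    by CreateProcessAsUser is printed; on pywintypes.error the error code,
    the failing API name and the message are printed. Always returns None.
    """
    if hUser is None:
        # attempt_to_logon() returns None when the logon fails. Never hand
        # "no token" to CreateProcessAsUser: at best the call fails, and a
        # null token may be treated as "use the caller's own context"
        # (TODO confirm), which a run-as-another-user helper must not do.
        print("no logon token; not starting a process")
        return None

    startup = win32process.STARTUPINFO()
    try:
        result = win32process.CreateProcessAsUser(
            hUser,
            # appName is None, so the executable is parsed out of the
            # command line: keep the path fully qualified, and quote it if
            # it ever contains spaces.
            None,  # appName
            "c:\\windows\\notepad.exe",  # commandLine
            None,  # process attrs
            None,  # thread attrs
            0,  # inherit handles
            0,  # create flags
            None,  # new environment dict
            None,  # current directory
            startup,  # startup info
        )
    except pywintypes.error as exc:
        # pywintypes.error carries (error code, API name, message); 1314
        # here means the calling process lacks a required privilege.
        errcode, method, msg = exc.args
        print("%s %s %s" % (errcode, method, msg))
    else:
        print(result)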
def print_info(hUser):
    """Print the privilege information stored in the token *hUser*.

    Prints the heading "print privs" and then whatever
    win32security.GetTokenInformation returns for the TokenPrivileges
    information class.
    """
    print("print privs")
    privileges = win32security.GetTokenInformation(
        hUser, win32security.TokenPrivileges
    )
    print(privileges)
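def AdjustPriv(priv, enable=1):
    """Enable or disable privilege *priv* in the current process token.

    priv is a privilege name such as win32security.SE_TCB_NAME. With a true
    *enable* the privilege is requested as SE_PRIVILEGE_ENABLED, otherwise
    its attributes are set to 0. Returns None.

    AdjustTokenPrivileges can only switch on a privilege the token already
    holds, and a request for one it does not hold is not necessarily
    reported as an error (NOTE(review): confirm pywin32's behaviour). After
    an enable request the token is therefore read back, and a warning is
    printed if the privilege did not actually become enabled. Without this
    check the failure only shows up later, as error 1314 from the API that
    needed the privilege.
    """
    flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Named luid rather than id so the builtin id() is not shadowed.
    luid = win32security.LookupPrivilegeValue(None, priv)
    if enable:
        newPriv = [(luid, win32security.SE_PRIVILEGE_ENABLED)]
    else:
        newPriv = [(luid, 0)]
    win32security.AdjustTokenPrivileges(htoken, 0, newPriv)

    if enable:
        # TOKEN_QUERY was requested above, so the token can be read back.
        # Entries are expected to be (luid, attributes) pairs.
        held = win32security.GetTokenInformation(
            htoken, win32security.TokenPrivileges
        )
        is_enabled = any(
            entry_luid == luid and attrs & win32security.SE_PRIVILEGE_ENABLED
            for entry_luid, attrs in held
        )
        if not is_enabled:
            print("privilege not enabled (not held by this token?): %s" % priv)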
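# Enable, in this process's own token, the privileges requested for the
# logon and for CreateProcessAsUser. AdjustPriv can only enable a privilege
# the token already holds; if one is missing, CreateProcessAsUser fails with
# error 1314 ("A required privilege is not held by the client").
# SE_TCB_NAME ("act as part of the operating system") is a very powerful
# right: enable only what the test really needs.
AdjustPriv(win32security.SE_TCB_NAME)
AdjustPriv(win32security.SE_ASSIGNPRIMARYTOKEN_NAME)
AdjustPriv(win32security.SE_INCREASE_QUOTA_NAME)

hUser = attempt_to_logon()
# print_info(hUser)
# attempt_to_logon() returns None when the logon fails; only start the
# process when a real token came back.
if hUser is not None:
    run_as_user(hUser)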
Hi, I ran it on my desktop, but I still got "1314 CreateProcessAsUser A required privilege is not held by the client."
I am an administrator and I have granted "Replace a process level token".