Ureader.com  
Microsoft software help and Community
date: Sat, 21 Jun 2008 20:19:00 -0700,    group: microsoft.public.platformsdk.security


How to create a process with administrator privilege from service   
Now I need to create a process with administrator privilege from a service on 
Vista.
By adjusting the Integrity Level of the user token, the process becomes HIGH. 
However it still has no administrator privileges.

I did it as the following:
1. Get the session ID of the active console user (WTSGetActiveConsoleSessionId)
2. Get the user's token (WTSQueryUserToken)
3. Duplicate the token (DuplicateTokenEx)
4. Set the integrity level to be High. (SetTokenInformation)
//--------------------------------------------------------------------------
PTSTR szIntegritySid = "S-1-16-12288"; //high
PSID pIntegritySid = NULL;
TOKEN_MANDATORY_LABEL TIL = {0};

ConvertStringSidToSid(szIntegritySid, &pIntegritySid);
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pIntegritySid;

AmSetTokenInformation(*hRunToken, TokenIntegrityLevel,  &TIL, 
sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));
//------------------------------------------------------------------------
5. Create the user process (CreateProcessAsUser)

Through Process Explorer, the process I created actually becomes high. But 
it has no admin rights.
Am I missing any points?
Thanks for your help
date: Sat, 21 Jun 2008 20:19:00 -0700   author:   lancer

RE: How to create a process with administrator privilege from service   
Hi,

Does the user whose token is used in CreateProcessAsUser have administrative 
rights? If no, then processes created with this function will never have 
administrative rights, no matter what you do. 

Cheers,
-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"lancer" wrote:

> Now I need to create a process with administrator privilege from a service on 
> Vista.
> By adjusting the Integrity Level of the user token, the process becomes HIGH. 
> However it still has no administrator privileges.
> 
> I did it as the following:
> 1. Get the session ID of the active console user (WTSGetActiveConsoleSessionId)
> 2. Get the user's token (WTSQueryUserToken)
> 3. Duplicate the token (DuplicateTokenEx)
> 4. Set the integrity level to be High. (SetTokenInformation)
> //--------------------------------------------------------------------------
> PTSTR szIntegritySid = "S-1-16-12288"; //high
> PSID pIntegritySid = NULL;
> TOKEN_MANDATORY_LABEL TIL = {0};
> 
> ConvertStringSidToSid(szIntegritySid, &pIntegritySid);
> TIL.Label.Attributes = SE_GROUP_INTEGRITY;
> TIL.Label.Sid = pIntegritySid;
> 
> AmSetTokenInformation(*hRunToken, TokenIntegrityLevel,  &TIL, 
> sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));
> //------------------------------------------------------------------------
> 5. Create the user process (CreateProcessAsUser)
> 
> Through Process Explorer, the process I created actually becomes high. But 
> it has no admin rights.
> Am I missing any points?
> Thanks for your help
date: Sun, 22 Jun 2008 16:19:01 -0700   author:   Mounir IDRASSI am

Re: How to create a process with administrator privilege from service   
Hi,

> I did it as the following:
> 1. Get the session ID of the active console user 
> (WTSGetActiveConsoleSessionId)
> 2. Get the user's token (WTSQueryUserToken)
> 3. Duplicate the token (DuplicateTokenEx)
> 4. Set the integrity level to be High. (SetTokenInformation)
> //--------------------------------------------------------------------------
> PTSTR szIntegritySid = "S-1-16-12288"; //high
> PSID pIntegritySid = NULL;
> TOKEN_MANDATORY_LABEL TIL = {0};
>
> ConvertStringSidToSid(szIntegritySid, &pIntegritySid);
> TIL.Label.Attributes = SE_GROUP_INTEGRITY;
> TIL.Label.Sid = pIntegritySid;
>
> AmSetTokenInformation(*hRunToken, TokenIntegrityLevel,  &TIL,
> sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));
> //------------------------------------------------------------------------

Do you use AdjustTokenPrivileges() ?

Regards.

Eric
date: Mon, 23 Jun 2008 10:35:08 +0200   author:   Eric Boudrand

Re: How to create a process with administrator privilege from ser   
Hi,

MSDN says:
"The AdjustTokenPrivileges function cannot add new privileges to the access 
token. It can only enable or disable the token's existing privileges. To 
determine the token's privileges, call the GetTokenInformation function."
So, if the user's token used in CreateProcessAsUser doesn't have 
administrative privileges, AdjustTokenPrivileges can't add them. 

Cheers,
-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"Eric Boudrand" wrote:

> Hi,
> 
> > I did it as the following:
> > 1. Get the session ID of the active console user 
> > (WTSGetActiveConsoleSessionId)
> > 2. Get the user's token (WTSQueryUserToken)
> > 3. Duplicate the token (DuplicateTokenEx)
> > 4. Set the integrity level to be High. (SetTokenInformation)
> > //--------------------------------------------------------------------------
> > PTSTR szIntegritySid = "S-1-16-12288"; //high
> > PSID pIntegritySid = NULL;
> > TOKEN_MANDATORY_LABEL TIL = {0};
> >
> > ConvertStringSidToSid(szIntegritySid, &pIntegritySid);
> > TIL.Label.Attributes = SE_GROUP_INTEGRITY;
> > TIL.Label.Sid = pIntegritySid;
> >
> > AmSetTokenInformation(*hRunToken, TokenIntegrityLevel,  &TIL,
> > sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));
> > //------------------------------------------------------------------------
> 
> Do you use AdjustTokenPrivileges() ?
> 
> Regards.
> 
> Eric
> 
> 
>
date: Mon, 23 Jun 2008 03:03:01 -0700   author:   Mounir IDRASSI am

RE: How to create a process with administrator privilege from ser   
The program runs as a service, and with System rights.
"Mounir IDRASSI" wrote:

> Hi,
> 
> Does the user whose token is used in CreateProcessAsUser have administrative 
> rights? If no, then processes created with this function will never have 
> administrative rights, no matter what you do. 
> 
> Cheers,
> -- 
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
> 
> to reach : mounir_idrix_fr (replace the underscores with the at and dot 
> characters respectively)
> 
> 
> "lancer" wrote:
> 
> > Now I need to create a process with administrator privilege from a service on 
> > Vista.
> > By adjusting the Integrity Level of the user token, the process becomes HIGH. 
> > However it still has no administrator privileges.
> > 
> > I did it as the following:
> > 1. Get the session ID of the active console user (WTSGetActiveConsoleSessionId)
> > 2. Get the user's token (WTSQueryUserToken)
> > 3. Duplicate the token (DuplicateTokenEx)
> > 4. Set the integrity level to be High. (SetTokenInformation)
> > //--------------------------------------------------------------------------
> > PTSTR szIntegritySid = "S-1-16-12288"; //high
> > PSID pIntegritySid = NULL;
> > TOKEN_MANDATORY_LABEL TIL = {0};
> > 
> > ConvertStringSidToSid(szIntegritySid, &pIntegritySid);
> > TIL.Label.Attributes = SE_GROUP_INTEGRITY;
> > TIL.Label.Sid = pIntegritySid;
> > 
> > AmSetTokenInformation(*hRunToken, TokenIntegrityLevel,  &TIL, 
> > sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));
> > //------------------------------------------------------------------------
> > 5. Create the user process (CreateProcessAsUser)
> > 
> > Through Process Explorer, the process I created actually becomes high. But 
> > it has no admin rights.
> > Am I missing any points?
> > Thanks for your help
date: Tue, 24 Jun 2008 01:21:01 -0700   author:   lancer

RE: How to create a process with administrator privilege from ser   
Hi,

I think you didn't understand my question/remark. I'm not talking about the 
main process who executes the code you are describing. I'm talking about the 
owner of the hToken parameter used in the call to the function 
CreateProcessAsUser which will create the second process.
As MSDN says, this second process "runs in the security context of the user 
represented by the specified token.". So, even if your program has system 
rights, the process created with CreateProcessAsUser will inherit the rights 
of the token's user. Thus, if the targeted user doesn't have administrative 
rights, the created process will not have them either. 

Cheers,
-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"lancer" wrote:

> 
> The program runs as a service, and with System rights.
> "Mounir IDRASSI" wrote:
> 
> > Hi,
> > 
> > Does the user whose token is used in CreateProcessAsUser have administrative 
> > rights? If no, then processes created with this function will never have 
> > administrative rights, no matter what you do. 
> > 
> > Cheers,
> > -- 
> > Mounir IDRASSI
> > IDRIX
> > http://www.idrix.fr
> > 
> > to reach : mounir_idrix_fr (replace the underscores with the at and dot 
> > characters respectively)
> > 
> >
date: Tue, 24 Jun 2008 01:38:00 -0700   author:   Mounir IDRASSI am

Re: How to create a process with administrator privilege from service   
lancer wrote:
> Now I need to create a process with administrator privilege from a
> service on Vista.
> By adjusting the Integrity Level of the user token, the process becomes HIGH.
> However it still has no administrator privileges.
>
> I did it as the following:
> 1. Get the session ID of the active console user
> (WTSGetActiveConsoleSessionId)
> 2. Get the user's token (WTSQueryUserToken)
> 3. Duplicate the token (DuplicateTokenEx)
> 4. Set the integrity level to be High. (SetTokenInformation)

Between steps 2 and 3, call GetTokenInformation() with TokenLinkedToken to 
get the linked (elevated) token, and remove step 4.  The code might be 
similar to:

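DWORD                dwSize;
HANDLE               hPrimaryToken = NULL;
TOKEN_LINKED_TOKEN   linkedToken = {0};
/* hToken is the user's token obtained in step 2 (WTSQueryUserToken). */
/* The token is not elevated, we will build an elevated token for the */
/* user.                                                              */
dwSize = sizeof linkedToken;
/* Get the linked token, which is the elevated version of the current */
/* token.                                                             */
if (GetTokenInformation(hToken,
                        TokenLinkedToken,
                        &linkedToken,
                        dwSize, &dwSize)) {
  /* The linked token is not a primary token, so we create one from it. */
  if (DuplicateTokenEx(linkedToken.LinkedToken,
                       MAXIMUM_ALLOWED,
                       NULL,
                       SecurityImpersonation,
                       TokenPrimary,
                       &hPrimaryToken)) {
    /* hPrimaryToken can now be passed to CreateProcessAsUser. */
  }
  /* The linked token handle is no longer needed once duplicated. */
  CloseHandle(linkedToken.LinkedToken);
}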

-- 
Larry Futrell
date: Tue, 24 Jun 2008 11:40:19 -0400   author:   Larry Futrell am
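
The linked-token approach from the reply above, written out as one complete function. This is an added example, not code from any poster in the thread: the names plan_for_elevation and elevated_console_token are hypothetical, and the TokenElevationType check goes beyond the posted fragment so that an already-elevated or unsplit token is handled explicitly.

```c
/* Added example. Values mirror TOKEN_ELEVATION_TYPE (Default=1, Full=2, Limited=3). */
enum token_plan { PLAN_NO_LINKED, PLAN_USE_AS_IS, PLAN_USE_LINKED };

/* Map the user token's elevation type to what the service should do. */
enum token_plan plan_for_elevation(int elevation_type)
{
    switch (elevation_type) {
    case 3:  return PLAN_USE_LINKED; /* UAC-filtered admin: full token is linked */
    case 2:  return PLAN_USE_AS_IS;  /* token is already the elevated one        */
    default: return PLAN_NO_LINKED;  /* no split token: standard user or UAC off */
    }
}

#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>   /* link with wtsapi32.lib and advapi32.lib */

/* Returns a primary token for CreateProcessAsUser, or NULL when there is no
 * elevated token to use; the caller closes it. Requires SeTcbPrivilege
 * (LocalSystem): without it TokenLinkedToken is identification-level only. */
HANDLE elevated_console_token(void)
{
    HANDLE user = NULL, primary = NULL;
    TOKEN_ELEVATION_TYPE elev;
    TOKEN_LINKED_TOKEN linked = {0};
    DWORD n = 0;
    if (!WTSQueryUserToken(WTSGetActiveConsoleSessionId(), &user))
        return NULL;
    if (GetTokenInformation(user, TokenElevationType, &elev, sizeof elev, &n)) {
        switch (plan_for_elevation((int)elev)) {
        case PLAN_USE_LINKED:
            if (GetTokenInformation(user, TokenLinkedToken, &linked,
                                    sizeof linked, &n)) {
                DuplicateTokenEx(linked.LinkedToken, MAXIMUM_ALLOWED, NULL,
                                 SecurityImpersonation, TokenPrimary, &primary);
                CloseHandle(linked.LinkedToken);
            }
            break;
        case PLAN_USE_AS_IS:
            DuplicateTokenEx(user, MAXIMUM_ALLOWED, NULL,
                             SecurityImpersonation, TokenPrimary, &primary);
            break;
        default: break; /* leave primary NULL; the caller decides the fallback */
        }
    }
    CloseHandle(user);
    return primary;
}
#endif
```
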

Re: How to create a process with administrator privilege from ser   
Thanks, I use this way and get the admin token.
But is this way secure?
Is it sure to get admin token?
Can we set the linkedToken?

I find few documents about this area.

"Larry Futrell" wrote:

> lancer wrote:
> > Now I need to create a process with administrator privilege from a
> > service on Vista.
> > By adjusting the Integrity Level of the user token, the process becomes HIGH.
> > However it still has no administrator privileges.
> >
> > I did it as the following:
> > 1. Get the session ID of the active console user
> > (WTSGetActiveConsoleSessionId)
> > 2. Get the user's token (WTSQueryUserToken)
> > 3. Duplicate the token (DuplicateTokenEx)
> > 4. Set the integrity level to be High. (SetTokenInformation)
> 
> Between steps 2 and 3, call GetTokenInformation() with TokenLinkedToken to 
> get the linked (elevated) token, and remove step 4.  The code might be 
> similar to:
> 
> TOKEN_LINKED_TOKEN   linkedToken = {0};
> /* The token is not elevated, we will build an elevated token for the */
> /* user.                                                              */
> dwSize = sizeof linkedToken;
> /* Get the linked token, which is the elevated version of the current */
> /* token.                                                             */
> if (GetTokenInformation(hToken,
>                         TokenLinkedToken,
>                         &linkedToken,
>                         dwSize, &dwSize)) {
>   /* The linked token is not a primary token, so we create one from it. */
>   if (DuplicateTokenEx(linkedToken.LinkedToken,
>                        MAXIMUM_ALLOWED,
>                        NULL,
>                        SecurityImpersonation,
>                        TokenPrimary,
>                        &hPrimaryToken)) {
> 
> -- 
> Larry Futrell 
> 
> 
>
date: Wed, 25 Jun 2008 04:48:08 -0700   author:   lancer

RE: How to create a process with administrator privilege from ser   
Thanks for your reply.
The owner of the hToken is an administrator.
But the process created does not have admin privilege.
How can we get the admin token?

"Mounir IDRASSI" wrote:

> Hi,
> 
> I think you didn't understand my question/remark. I'm not talking about the 
> main process who executes the code you are describing. I'm talking about the 
> owner of the hToken parameter used in the call to the function 
> CreateProcessAsUser which will create the second process.
> As MSDN says, this second process "runs in the security context of the user 
> represented by the specified token.". So, even if your program has system 
> rights, the process created with CreateProcessAsUser will inherit the rights 
> of the token's user. Thus, if the targeted user doesn't have administrative 
> rights, the created process will not have them either. 
> 
> Cheers,
> -- 
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
> 
> to reach : mounir_idrix_fr (replace the underscores with the at and dot 
> characters respectively)
> 
> 
> "lancer" wrote:
> 
> > 
> > The program runs as a service, and with System rights.
> > "Mounir IDRASSI" wrote:
> > 
> > > Hi,
> > > 
> > > Does the user whose token is used in CreateProcessAsUser have administrative 
> > > rights? If no, then processes created with this function will never have 
> > > administrative rights, no matter what you do. 
> > > 
> > > Cheers,
> > > -- 
> > > Mounir IDRASSI
> > > IDRIX
> > > http://www.idrix.fr
> > > 
> > > to reach : mounir_idrix_fr (replace the underscores with the at and dot 
> > > characters respectively)
> > > 
> > >
date: Wed, 25 Jun 2008 04:55:01 -0700   author:   lancer
