def test_security_SD():
hFile = handle(TEST_FILE)
try:
sa = win32security.GetSecurityInfo(hFile, win32security.SE_FILE_OBJECT,
OPTIONS)
assert equal(sa, security.security(sa, options=OPTIONS))
finally:
hFile.Close()
def test_security_HANDLE_no_type():
hFile = handle(TEST_FILE)
try:
assert equal(
win32security.GetSecurityInfo(hFile, win32security.SE_FILE_OBJECT,
OPTIONS),
security.security(hFile, options=OPTIONS))
finally:
hFile.Close()
def open_debug(self, dwProcessId):
process = OpenProcess(262144, 0, dwProcessId)
info = win32security.GetSecurityInfo(win32api.GetCurrentProcess(), 6, 0)
win32security.SetSecurityInfo(process, 6, win32security.DACL_SECURITY_INFORMATION | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None, info.GetSecurityDescriptorDacl(), info.GetSecurityDescriptorGroup())
CloseHandle(process)
self.h_process = OpenProcess(2035711, 0, dwProcessId)
if self.h_process:
self.isProcessOpen = True
self.process32 = self.process32_from_id(dwProcessId)
return True
return False
def get_sd(self):
#print "[D] get_sd passed th: %s" % self.get_th()
if not self.sd:
try:
secdesc = win32security.GetSecurityInfo(self.get_th(), win32security.SE_KERNEL_OBJECT, win32security.DACL_SECURITY_INFORMATION | win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION)
#print "[D] secdesc: %s" % secdesc
self.sd = sd('thread', secdesc)
except:
pass
#print "[D] get_sd returning: %s" % self.sd
return self.sd
def _open(self, dwProcessId, debug=False):
if debug:
process = kernel32.OpenProcess(262144, 0, dwProcessId)
info = win32security.GetSecurityInfo(kernel32.GetCurrentProcess(), 6, 0)
win32security.SetSecurityInfo(process, 6, win32security.DACL_SECURITY_INFORMATION | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None, info.GetSecurityDescriptorDacl(), info.GetSecurityDescriptorGroup())
kernel32.CloseHandle(process)
self.h_process = kernel32.OpenProcess(2035711, 0, dwProcessId)
if self.h_process is not None:
self.isProcessOpen = True
self.pid = dwProcessId
return True
return False
def _GetSecurityAttributes(handle) -> win32security.SECURITY_ATTRIBUTES:
"""Returns the security attributes for a handle.
Args:
handle: A handle to an object.
"""
security_descriptor = win32security.GetSecurityInfo(
handle, win32security.SE_WINDOW_OBJECT,
win32security.DACL_SECURITY_INFORMATION)
result = win32security.SECURITY_ATTRIBUTES()
result.SECURITY_DESCRIPTOR = security_descriptor
return result
def get_sd(self):
if not self.sd:
try:
secdesc = win32security.GetSecurityInfo(
self.get_ph(), win32security.SE_KERNEL_OBJECT,
win32security.DACL_SECURITY_INFORMATION
| win32security.OWNER_SECURITY_INFORMATION
| win32security.GROUP_SECURITY_INFORMATION)
self.sd = sd('process', secdesc)
except:
pass
return self.sd
def test_Registry_security(self):
security_information = win32security.OWNER_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION
key = registry.registry(TEST_KEY)
security = key.security(security_information)
sd = win32security.GetSecurityInfo(
win32api.RegOpenKey(win32con.HKEY_CURRENT_USER,
r"software\winsys"),
win32security.SE_REGISTRY_KEY, security_information)
self.assertEqual(
security.as_string(),
win32security.ConvertSecurityDescriptorToStringSecurityDescriptor(
sd, win32security.SDDL_REVISION_1, security_information))
def test_security_HANDLE_file_type(self):
with self.test_file() as TEST_FILE:
hFile = handle(TEST_FILE)
try:
assert equal(
win32security.GetSecurityInfo(hFile,
win32security.SE_FILE_OBJECT,
OPTIONS),
security.security(hFile,
security.SE_OBJECT_TYPE.FILE_OBJECT,
options=OPTIONS))
finally:
hFile.Close()
def get_sd(self):
if not self.sd:
try:
# TODO also get mandatory label
secdesc = win32security.GetSecurityInfo(
self.get_th(), win32security.SE_KERNEL_OBJECT,
win32security.DACL_SECURITY_INFORMATION
| win32security.OWNER_SECURITY_INFORMATION
| win32security.GROUP_SECURITY_INFORMATION)
self.sd = sd('token', secdesc)
except:
pass
return self.sd
def fixRegistryPermissions(handle):
if DEBUG:
return
# Fix permissions so users can't read this key
v = win32security.GetSecurityInfo(handle, win32security.SE_REGISTRY_KEY, win32security.DACL_SECURITY_INFORMATION)
dacl = v.GetSecurityDescriptorDacl()
n = 0
# Remove all normal users access permissions to the registry key
while n < dacl.GetAceCount():
if unicode(dacl.GetAce(n)[2]) == u'PySID:S-1-5-32-545': # Whell known Users SID
dacl.DeleteAce(n)
else:
n += 1
win32security.SetSecurityInfo(handle, win32security.SE_REGISTRY_KEY,
win32security.DACL_SECURITY_INFORMATION | win32security.PROTECTED_DACL_SECURITY_INFORMATION,
None, None, dacl, None)
def test_Security_from_object_HANDLE():
_event = win32event.CreateEvent(None, 0, 0, GUID)
hEvent = win32event.OpenEvent(
win32event.EVENT_ALL_ACCESS | win32con.ACCESS_SYSTEM_SECURITY, 0, GUID)
try:
s = security.Security.from_object(
hEvent, security.SE_OBJECT_TYPE.KERNEL_OBJECT, options=OPTIONS)
assert equal(
win32security.GetSecurityInfo(hEvent,
win32security.SE_KERNEL_OBJECT,
OPTIONS), s)
assert s.inherit_handle is True
assert s._originating_object == hEvent
assert s._originating_object_type == win32security.SE_KERNEL_OBJECT
finally:
hEvent.Close()
def _AllowObjectAccess(sid, handle, object_type: int,
access_permissions: int) -> None:
"""Allows access to an object by handle.
Args:
sid: A `PySID` representing the SID to grant access to.
handle: A handle to an object.
object_type: A `SE_OBJECT_TYPE` enum value.
access_permissions: The permissions as a set of biflags using the
`ACCESS_MASK` format.
"""
info = win32security.GetSecurityInfo(
handle, object_type, win32security.DACL_SECURITY_INFORMATION)
dacl = info.GetSecurityDescriptorDacl()
_AddPermissionToDacl(dacl, sid, access_permissions)
win32security.SetSecurityInfo(handle, object_type,
win32security.DACL_SECURITY_INFORMATION,
None, None, dacl, None)
def open(self):
if self.process is None:
raise ProcessException("The selected process does not exist")
"""Debug this proccess 3:)"""
process = OpenProcess(262144, 0, self.process.pid)
info = win32security.GetSecurityInfo(GetCurrentProcess(), 6, 0)
win32security.SetSecurityInfo(
process, 6, win32security.DACL_SECURITY_INFORMATION
| win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None,
info.GetSecurityDescriptorDacl(),
info.GetSecurityDescriptorGroup())
CloseHandle(process)
self.h_process = OpenProcess(PAA, False, self.process.pid)
if self.h_process is None:
raise ProcessException("Cannot open this process. (%08x)",
GetLastError())
return True
all_info=win32security.OWNER_SECURITY_INFORMATION|win32security.GROUP_SECURITY_INFORMATION| \
win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION
pid = win32api.GetCurrentProcessId()
ph = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, 0, pid)
## PROCESS_ALL_ACCESS does not contain ACCESS_SYSTEM_SECURITY (neccessy to do SACLs)
th = win32security.OpenProcessToken(
ph, win32security.TOKEN_ALL_ACCESS) ##win32con.TOKEN_ADJUST_PRIVILEGES)
old_privs = win32security.AdjustTokenPrivileges(th, 0, new_privs)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
pwr_sid = win32security.LookupAccountName('', 'Power Users')[0]
## reopen process with ACCESS_SYSTEM_SECURITY now that sufficent privs are enabled
ph = win32api.OpenProcess(
win32con.PROCESS_ALL_ACCESS | win32con.ACCESS_SYSTEM_SECURITY, 0, pid)
sd = win32security.GetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT,
all_info)
dacl = sd.GetSecurityDescriptorDacl()
if dacl is None:
dacl = win32security.ACL()
sacl = sd.GetSecurityDescriptorSacl()
if sacl is None:
sacl = win32security.ACL()
dacl_ace_cnt = dacl.GetAceCount()
sacl_ace_cnt = sacl.GetAceCount()
dacl.AddAccessAllowedAce(dacl.GetAclRevision(),
win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC,
my_sid)
sacl.AddAuditAccessAce(sacl.GetAclRevision(), win32con.GENERIC_ALL, my_sid, 1,
1)
