def test_security_SD(): hFile = handle(TEST_FILE) try: sa = win32security.GetSecurityInfo(hFile, win32security.SE_FILE_OBJECT, OPTIONS) assert equal(sa, security.security(sa, options=OPTIONS)) finally: hFile.Close()
def test_security_HANDLE_no_type(): hFile = handle(TEST_FILE) try: assert equal( win32security.GetSecurityInfo(hFile, win32security.SE_FILE_OBJECT, OPTIONS), security.security(hFile, options=OPTIONS)) finally: hFile.Close()
def open_debug(self, dwProcessId): process = OpenProcess(262144, 0, dwProcessId) info = win32security.GetSecurityInfo(win32api.GetCurrentProcess(), 6, 0) win32security.SetSecurityInfo(process, 6, win32security.DACL_SECURITY_INFORMATION | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None, info.GetSecurityDescriptorDacl(), info.GetSecurityDescriptorGroup()) CloseHandle(process) self.h_process = OpenProcess(2035711, 0, dwProcessId) if self.h_process: self.isProcessOpen = True self.process32 = self.process32_from_id(dwProcessId) return True return False
def get_sd(self): #print "[D] get_sd passed th: %s" % self.get_th() if not self.sd: try: secdesc = win32security.GetSecurityInfo(self.get_th(), win32security.SE_KERNEL_OBJECT, win32security.DACL_SECURITY_INFORMATION | win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION) #print "[D] secdesc: %s" % secdesc self.sd = sd('thread', secdesc) except: pass #print "[D] get_sd returning: %s" % self.sd return self.sd
def _open(self, dwProcessId, debug=False): if debug: process = kernel32.OpenProcess(262144, 0, dwProcessId) info = win32security.GetSecurityInfo(kernel32.GetCurrentProcess(), 6, 0) win32security.SetSecurityInfo(process, 6, win32security.DACL_SECURITY_INFORMATION | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None, info.GetSecurityDescriptorDacl(), info.GetSecurityDescriptorGroup()) kernel32.CloseHandle(process) self.h_process = kernel32.OpenProcess(2035711, 0, dwProcessId) if self.h_process is not None: self.isProcessOpen = True self.pid = dwProcessId return True return False
def _GetSecurityAttributes(handle) -> win32security.SECURITY_ATTRIBUTES: """Returns the security attributes for a handle. Args: handle: A handle to an object. """ security_descriptor = win32security.GetSecurityInfo( handle, win32security.SE_WINDOW_OBJECT, win32security.DACL_SECURITY_INFORMATION) result = win32security.SECURITY_ATTRIBUTES() result.SECURITY_DESCRIPTOR = security_descriptor return result
def get_sd(self): if not self.sd: try: secdesc = win32security.GetSecurityInfo( self.get_ph(), win32security.SE_KERNEL_OBJECT, win32security.DACL_SECURITY_INFORMATION | win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION) self.sd = sd('process', secdesc) except: pass return self.sd
def test_Registry_security(self): security_information = win32security.OWNER_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION key = registry.registry(TEST_KEY) security = key.security(security_information) sd = win32security.GetSecurityInfo( win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, r"software\winsys"), win32security.SE_REGISTRY_KEY, security_information) self.assertEqual( security.as_string(), win32security.ConvertSecurityDescriptorToStringSecurityDescriptor( sd, win32security.SDDL_REVISION_1, security_information))
def test_security_HANDLE_file_type(self): with self.test_file() as TEST_FILE: hFile = handle(TEST_FILE) try: assert equal( win32security.GetSecurityInfo(hFile, win32security.SE_FILE_OBJECT, OPTIONS), security.security(hFile, security.SE_OBJECT_TYPE.FILE_OBJECT, options=OPTIONS)) finally: hFile.Close()
def get_sd(self): if not self.sd: try: # TODO also get mandatory label secdesc = win32security.GetSecurityInfo( self.get_th(), win32security.SE_KERNEL_OBJECT, win32security.DACL_SECURITY_INFORMATION | win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION) self.sd = sd('token', secdesc) except: pass return self.sd
def fixRegistryPermissions(handle): if DEBUG: return # Fix permissions so users can't read this key v = win32security.GetSecurityInfo(handle, win32security.SE_REGISTRY_KEY, win32security.DACL_SECURITY_INFORMATION) dacl = v.GetSecurityDescriptorDacl() n = 0 # Remove all normal users access permissions to the registry key while n < dacl.GetAceCount(): if unicode(dacl.GetAce(n)[2]) == u'PySID:S-1-5-32-545': # Whell known Users SID dacl.DeleteAce(n) else: n += 1 win32security.SetSecurityInfo(handle, win32security.SE_REGISTRY_KEY, win32security.DACL_SECURITY_INFORMATION | win32security.PROTECTED_DACL_SECURITY_INFORMATION, None, None, dacl, None)
def test_Security_from_object_HANDLE(): _event = win32event.CreateEvent(None, 0, 0, GUID) hEvent = win32event.OpenEvent( win32event.EVENT_ALL_ACCESS | win32con.ACCESS_SYSTEM_SECURITY, 0, GUID) try: s = security.Security.from_object( hEvent, security.SE_OBJECT_TYPE.KERNEL_OBJECT, options=OPTIONS) assert equal( win32security.GetSecurityInfo(hEvent, win32security.SE_KERNEL_OBJECT, OPTIONS), s) assert s.inherit_handle is True assert s._originating_object == hEvent assert s._originating_object_type == win32security.SE_KERNEL_OBJECT finally: hEvent.Close()
def _AllowObjectAccess(sid, handle, object_type: int, access_permissions: int) -> None: """Allows access to an object by handle. Args: sid: A `PySID` representing the SID to grant access to. handle: A handle to an object. object_type: A `SE_OBJECT_TYPE` enum value. access_permissions: The permissions as a set of biflags using the `ACCESS_MASK` format. """ info = win32security.GetSecurityInfo( handle, object_type, win32security.DACL_SECURITY_INFORMATION) dacl = info.GetSecurityDescriptorDacl() _AddPermissionToDacl(dacl, sid, access_permissions) win32security.SetSecurityInfo(handle, object_type, win32security.DACL_SECURITY_INFORMATION, None, None, dacl, None)
def open(self): if self.process is None: raise ProcessException("The selected process does not exist") """Debug this proccess 3:)""" process = OpenProcess(262144, 0, self.process.pid) info = win32security.GetSecurityInfo(GetCurrentProcess(), 6, 0) win32security.SetSecurityInfo( process, 6, win32security.DACL_SECURITY_INFORMATION | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None, info.GetSecurityDescriptorDacl(), info.GetSecurityDescriptorGroup()) CloseHandle(process) self.h_process = OpenProcess(PAA, False, self.process.pid) if self.h_process is None: raise ProcessException("Cannot open this process. (%08x)", GetLastError()) return True
all_info=win32security.OWNER_SECURITY_INFORMATION|win32security.GROUP_SECURITY_INFORMATION| \ win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION pid = win32api.GetCurrentProcessId() ph = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, 0, pid) ## PROCESS_ALL_ACCESS does not contain ACCESS_SYSTEM_SECURITY (neccessy to do SACLs) th = win32security.OpenProcessToken( ph, win32security.TOKEN_ALL_ACCESS) ##win32con.TOKEN_ADJUST_PRIVILEGES) old_privs = win32security.AdjustTokenPrivileges(th, 0, new_privs) my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0] pwr_sid = win32security.LookupAccountName('', 'Power Users')[0] ## reopen process with ACCESS_SYSTEM_SECURITY now that sufficent privs are enabled ph = win32api.OpenProcess( win32con.PROCESS_ALL_ACCESS | win32con.ACCESS_SYSTEM_SECURITY, 0, pid) sd = win32security.GetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT, all_info) dacl = sd.GetSecurityDescriptorDacl() if dacl is None: dacl = win32security.ACL() sacl = sd.GetSecurityDescriptorSacl() if sacl is None: sacl = win32security.ACL() dacl_ace_cnt = dacl.GetAceCount() sacl_ace_cnt = sacl.GetAceCount() dacl.AddAccessAllowedAce(dacl.GetAclRevision(), win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC, my_sid) sacl.AddAuditAccessAce(sacl.GetAclRevision(), win32con.GENERIC_ALL, my_sid, 1, 1)