def shell_as(th, enable_privs=0):
t = thread(th)
print t.as_text()
new_tokenh = win32security.DuplicateTokenEx(
th, 3, win32con.MAXIMUM_ALLOWED, win32security.TokenPrimary,
win32security.SECURITY_ATTRIBUTES())
print "new_tokenh: %s" % new_tokenh
print "Impersonating..."
if enable_privs:
get_all_privs(new_tokenh)
commandLine = "cmd"
si = win32process.STARTUPINFO()
print "pysecdump: Starting shell with required privileges..."
(hProcess, hThread, dwProcessId,
dwThreadId) = win32process.CreateProcessAsUser(
new_tokenh,
None, # AppName
commandLine, # Command line
None, # Process Security
None, # ThreadSecurity
1, # Inherit Handles?
win32process.NORMAL_PRIORITY_CLASS,
None, # New environment
None, # Current directory
si) # startup info.
win32event.WaitForSingleObject(hProcess, win32event.INFINITE)
print "pysecdump: Quitting"
def shell_as(th, enable_privs = 0): t = thread(th) print t.as_text() new_tokenh = win32security.DuplicateTokenEx(th, 3 , win32con.MAXIMUM_ALLOWED , win32security.TokenPrimary , win32security.SECURITY_ATTRIBUTES() ) print "new_tokenh: %s" % new_tokenh print "Impersonating..." if enable_privs: get_all_privs(new_tokenh) commandLine = "cmd" si = win32process.STARTUPINFO() print "pysecdump: Starting shell with required privileges..." (hProcess, hThread, dwProcessId, dwThreadId) = win32process.CreateProcessAsUser( new_tokenh, None, # AppName commandLine, # Command line None, # Process Security None, # ThreadSecurity 1, # Inherit Handles? win32process.NORMAL_PRIORITY_CLASS, None, # New environment None, # Current directory si) # startup info. win32event.WaitForSingleObject( hProcess, win32event.INFINITE ); print "pysecdump: Quitting"
def get_threads(self):
if not self.threads:
for t in self.get_thread_ids():
self.add_thread(thread(t))
return self.threads
def get_threads(self):
if not self.threads:
for t in self.get_thread_ids():
self.add_thread(thread(t))
return self.threads
