To be clear, this is not my code. I merely want to have it readily accessible in case I need it later. The original post came from Niklas Goudes post on the Scripting Guys blog,
Use PowerShell to Duplicate Process Tokens via P/Invoke
I added this to my dot sourced function directory so I can use it on an as needed basis to get an elevated shell. So, again, not my code, just a great function found here:
Enable-TSDuplicateToken
Works perfectly on Windows 7,
functionEnable-TSDuplicateToken {
<#
.SYNOPSIS
Duplicates the Access token of lsass and sets it in the current process thread.
.DESCRIPTION
The Enable-TSDuplicateToken CmdLet duplicates the Access token of lsass and sets it in the current process thread.
The CmdLet must be run with elevated permissions.
.EXAMPLE
Enable-TSDuplicateToken
.LINK
http://www.truesec.com
.NOTES
Goude 2012, TreuSec
#>
[CmdletBinding()]
param()
$signature= @"
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct TokPriv1Luid
{
public int Count;
public long Luid;
public int Attr;
}
public const int SE_PRIVILEGE_ENABLED = 0x00000002;
public const int TOKEN_QUERY = 0x00000008;
public const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public const UInt32 STANDARD_RIGHTS_REQUIRED = 0x000F0000;
public const UInt32 STANDARD_RIGHTS_READ = 0x00020000;
public const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001;
public const UInt32 TOKEN_DUPLICATE = 0x0002;
public const UInt32 TOKEN_IMPERSONATE = 0x0004;
public const UInt32 TOKEN_QUERY_SOURCE = 0x0010;
public const UInt32 TOKEN_ADJUST_GROUPS = 0x0040;
public const UInt32 TOKEN_ADJUST_DEFAULT = 0x0080;
public const UInt32 TOKEN_ADJUST_SESSIONID = 0x0100;
public const UInt32 TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY);
public const UInt32 TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
0 comments:
Post a Comment