Wednesday, March 01, 2006
Release of MSHForFun.Security MshSnapin v0.1
Finally, I finished my MSHForFun.Security MshSnapin v0.1. Source code and binary files can be downloaded from GotDotNet under a BSD license (sorry, you need Internet Explorer to visit gotdotnet.com; Firefox did not seem willing to accept .NET Passport). It contains four cmdlets at this moment:
Name : add-processowner
Definition : add-processowner [-ProcessArray] Process[] [-Verbose] [-Debug] [-ErrorAction ActionPreference] [-ErrorVariable String] [-OutVariable String] [-OutBuffer Int32] [-WhatIf] [-Confirm]
Wrapper of the OpenProcessToken Win32 API. It takes Process objects (the output of the get-process cmdlet) as input and adds the process owner (a System.Security.Principal.WindowsIdentity) as a NoteProperty named ProcessOwner.
Name : Get-Privilege
Definition : Get-Privilege [[-Identity] WindowsIdentity] [-Verbose] [-Debug] [-ErrorAction ActionPreference] [-ErrorVariable String] [-OutVariable String] [-OutBuffer Int32] [-WhatIf] [-Confirm]
Wrapper of the GetTokenInformation Win32 API. It takes a System.Security.Principal.WindowsIdentity object as input and returns an MSHForFun.Security.TokenPrivilegeCollection object. If used without a parameter, it returns the token privileges of the current process (msh.exe).
Name : get-windowsidentity
Definition : get-windowsidentity [[-Credential] MshCredential] [-Verbose] [-Debug] [-ErrorAction ActionPreference] [-ErrorVariable String] [-OutVariable String] [-OutBuffer Int32] [-WhatIf] [-Confirm]
Wrapper of the LogonUser() Win32 API. It takes an MshCredential object as input and returns a System.Security.Principal.WindowsIdentity object. If used without a parameter, it returns the System.Security.Principal.WindowsIdentity object representing the current user.
Name : start-process
Definition : start-process [-FileName] String [-Credential MshCredential] [-Arguments String] [-LoadUserProfile] [-UseShellExecute] [-WorkingDirectory String] [-CreateNoWindow] [-ErrorDialog] [-ErrorDialogParentHandle IntPtr] [-RedirectStandardError] [-RedirectStandardInput] [-RedirectStandardOutput] [-StandardErrorEncoding Encoding] [-StandardOutputEncoding Encoding] [-Verb String] [-WindowStyle ProcessWindowStyle] [-Verbose] [-Debug] [-ErrorAction ActionPreference] [-ErrorVariable String] [-OutVariable String] [-OutBuffer Int32] [-WhatIf] [-Confirm]
Wrapper of the System.Diagnostics.Process.Start() methods. It takes an MshCredential object as input and starts a process using that credential (runas in MSH).
What's new?
- Wrap the token handle in SafeTokenHandle, which is derived from Microsoft.Win32.SafeHandles.SafeHandleZeroOrMinusOneIsInvalid (prevents handle leaks and protects against handle-recycling attacks).
- Get-Privilege cmdlet.
- Make sure all exceptions are properly handled, and use WriteWarning instead of WriteError where we know errors will happen frequently (Add-ProcessOwner).
- Rewrote the C# code, corrected errors and cleaned up comments.
- System.Security.Principal.WindowsIdentity contains all the important information inside a token except the token privileges, so I took on the challenge of writing a Get-Privilege cmdlet.
- Marshalling the memory block (struct TOKEN_PRIVILEGES) in C# is killing me. I will not do it again.
- MSHForFun.Security.TokenPrivilege contains 2 public properties: Name and Status.
- MSHForFun.Security.TokenPrivilegeCollection is derived from System.Collections.CollectionBase.
- The Get-Privilege cmdlet only dumps token privileges; it does not change them.
> get-privilege (get-windowsidentity (get-credential))
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
User: Administrator
Password for user Administrator: *******
Name                             Status
----                             ------
SeChangeNotifyPrivilege          Enabled | Enabled By Default
SeSecurityPrivilege              Enabled | Enabled By Default
SeBackupPrivilege                Enabled | Enabled By Default
SeRestorePrivilege               Enabled | Enabled By Default
SeSystemtimePrivilege            Enabled | Enabled By Default
SeShutdownPrivilege              Enabled | Enabled By Default
SeRemoteShutdownPrivilege        Enabled | Enabled By Default
SeTakeOwnershipPrivilege         Enabled | Enabled By Default
SeDebugPrivilege                 Enabled | Enabled By Default
SeSystemEnvironmentPrivilege     Enabled | Enabled By Default
SeSystemProfilePrivilege         Enabled | Enabled By Default
SeProfileSingleProcessPrivilege  Enabled | Enabled By Default
SeIncreaseBasePriorityPrivilege  Enabled | Enabled By Default
SeLoadDriverPrivilege            Enabled | Enabled By Default
SeCreatePagefilePrivilege        Enabled | Enabled By Default
SeIncreaseQuotaPrivilege         Enabled | Enabled By Default
SeUndockPrivilege                Enabled | Enabled By Default
SeManageVolumePrivilege          Enabled | Enabled By Default
SeCreateGlobalPrivilege          Enabled | Enabled By Default
SeImpersonatePrivilege           Enabled | Enabled By Default
> get-privilege (get-process -Id 3768 | add-processowner).ProcessOwner
Name                             Status
----                             ------
SeChangeNotifyPrivilege          Enabled | Enabled By Default
SeSecurityPrivilege              Removed
SeBackupPrivilege                Removed
SeRestorePrivilege               Removed
SeSystemtimePrivilege            Removed
SeShutdownPrivilege              Removed
SeRemoteShutdownPrivilege        Removed
SeTakeOwnershipPrivilege         Removed
SeDebugPrivilege                 Enabled
SeSystemEnvironmentPrivilege     Removed
SeSystemProfilePrivilege         Removed
SeProfileSingleProcessPrivilege  Removed
SeIncreaseBasePriorityPrivilege  Removed
SeLoadDriverPrivilege            Removed
SeCreatePagefilePrivilege        Removed
SeIncreaseQuotaPrivilege         Removed
SeUndockPrivilege                Removed
SeManageVolumePrivilege          Removed
SeCreateGlobalPrivilege          Enabled | Enabled By Default
SeImpersonatePrivilege           Enabled | Enabled By Default
> get-process | add-processowner
Handles  NPM(K)    PM(K)      WS(K) VS(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     71       3     1548       5304    38     0.80    864 acrotray
WARNING: Failed to open process token (Access Denied): alg
    105       5     1224       3604    35            2832 alg
....
(clipped)
> start-process -Credential (get-credential) -FileName control.exe -Arguments timedate.cpl
Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
User: Administrator
Password for user Administrator: *******
Handles  NPM(K)    PM(K)      WS(K) VS(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
      0       0       64         60     1     0.00   2220 control
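Get-Privilege and add-processowner above wrap OpenProcessToken and GetTokenInformation, and the "What's new?" list mentions the SafeTokenHandle wrapper and the pain of marshalling TOKEN_PRIVILEGES by hand. The script below is an added example written for this page, not code from the snapin or its author: it does the same job from PowerShell with Add-Type, wraps the process and token handles in a SafeHandle, uses the two-call GetTokenInformation pattern, walks the TOKEN_PRIVILEGES array and decodes the attribute bits into the same Status strings shown in the output above. The TokenDemo namespace, SafeKernelHandle and Get-TokenPrivilege are names chosen for this example, and it assumes Windows PowerShell 3.0 or later (or PowerShell 7 on Windows).

```powershell
# Added example (not the MSHForFun.Security snapin's code). Requires Windows
# PowerShell 3.0+ or PowerShell 7 on Windows; TokenDemo.*, SafeKernelHandle and
# Get-TokenPrivilege are names chosen for this example.
$source = @'
using System;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32.SafeHandles;

namespace TokenDemo
{
    // Process and token handles are both closed with CloseHandle. Deriving from
    // SafeHandleZeroOrMinusOneIsInvalid gives a finalizer plus ref-counted Dispose,
    // so the handle is neither leaked nor usable after it has been released.
    public sealed class SafeKernelHandle : SafeHandleZeroOrMinusOneIsInvalid
    {
        private SafeKernelHandle() : base(true) { }
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle(IntPtr hObject);
        protected override bool ReleaseHandle() { return CloseHandle(handle); }
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct LUID { public uint LowPart; public int HighPart; }

    // One element of the variable-length array at the end of TOKEN_PRIVILEGES.
    [StructLayout(LayoutKind.Sequential)]
    public struct LUID_AND_ATTRIBUTES { public LUID Luid; public uint Attributes; }

    public static class NativeMethods
    {
        public const uint PROCESS_QUERY_INFORMATION = 0x0400;
        public const uint TOKEN_QUERY = 0x0008;
        public const int  TokenPrivileges = 3;             // TOKEN_INFORMATION_CLASS
        public const int  ERROR_INSUFFICIENT_BUFFER = 122;
        public const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001;
        public const uint SE_PRIVILEGE_ENABLED            = 0x00000002;
        public const uint SE_PRIVILEGE_REMOVED            = 0x00000004;
        public const uint SE_PRIVILEGE_USED_FOR_ACCESS    = 0x80000000;

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern SafeKernelHandle OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(SafeKernelHandle ProcessHandle, uint DesiredAccess, out SafeKernelHandle TokenHandle);
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool GetTokenInformation(SafeKernelHandle TokenHandle, int TokenInformationClass, IntPtr TokenInformation, int TokenInformationLength, out int ReturnLength);
        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool LookupPrivilegeName(string lpSystemName, ref LUID lpLuid, StringBuilder lpName, ref int cchName);
    }
}
'@
Add-Type -TypeDefinition $source

function Get-TokenPrivilege {
    [CmdletBinding()]
    param([Parameter(ValueFromPipelineByPropertyName = $true)][int]$Id = $PID)
    process {
        $N = [TokenDemo.NativeMethods]; $M = [Runtime.InteropServices.Marshal]
        $name = (Get-Process -Id $Id -ErrorAction SilentlyContinue).ProcessName
        $proc = $N::OpenProcess($N::PROCESS_QUERY_INFORMATION, $false, $Id)
        $err = $M::GetLastWin32Error()
        if ($proc.IsInvalid) {
            Write-Warning ("Failed to open process ({0}): {1}" -f (New-Object ComponentModel.Win32Exception $err).Message, $name); return
        }
        $tok = $null; $buf = [IntPtr]::Zero
        try {
            if (-not $N::OpenProcessToken($proc, $N::TOKEN_QUERY, [ref]$tok)) {
                $err = $M::GetLastWin32Error()
                Write-Warning ("Failed to open process token ({0}): {1}" -f (New-Object ComponentModel.Win32Exception $err).Message, $name); return
            }
            # Two-call pattern: the first call fails with ERROR_INSUFFICIENT_BUFFER and reports the size.
            $len = 0
            $null = $N::GetTokenInformation($tok, $N::TokenPrivileges, [IntPtr]::Zero, 0, [ref]$len)
            if ($M::GetLastWin32Error() -ne $N::ERROR_INSUFFICIENT_BUFFER) { throw "GetTokenInformation size query failed for PID $Id" }
            $buf = $M::AllocHGlobal($len)
            if (-not $N::GetTokenInformation($tok, $N::TokenPrivileges, $buf, $len, [ref]$len)) {
                throw (New-Object ComponentModel.Win32Exception ($M::GetLastWin32Error()))
            }
            # TOKEN_PRIVILEGES layout: DWORD PrivilegeCount, then PrivilegeCount LUID_AND_ATTRIBUTES entries.
            $count = $M::ReadInt32($buf)
            $entrySize = $M::SizeOf([type][TokenDemo.LUID_AND_ATTRIBUTES])
            for ($i = 0; $i -lt $count; $i++) {
                $entry = $M::PtrToStructure([IntPtr]($buf.ToInt64() + 4 + $i * $entrySize), [type][TokenDemo.LUID_AND_ATTRIBUTES])
                $luid = $entry.Luid; $sb = New-Object System.Text.StringBuilder 256; $cch = $sb.Capacity
                $privName = if ($N::LookupPrivilegeName($null, [ref]$luid, $sb, [ref]$cch)) { $sb.ToString() } else { 'LUID {0:x8}:{1:x8}' -f $luid.HighPart, $luid.LowPart }
                # Decode the attribute bits into the same Status strings the snapin prints.
                $flags = @()
                if ($entry.Attributes -band $N::SE_PRIVILEGE_ENABLED)            { $flags += 'Enabled' }
                if ($entry.Attributes -band $N::SE_PRIVILEGE_ENABLED_BY_DEFAULT) { $flags += 'Enabled By Default' }
                if ($entry.Attributes -band $N::SE_PRIVILEGE_REMOVED)            { $flags += 'Removed' }
                if ($entry.Attributes -band $N::SE_PRIVILEGE_USED_FOR_ACCESS)    { $flags += 'Used For Access' }
                if ($flags.Count -eq 0) { $flags = @('Disabled') }
                [pscustomobject]@{ ProcessId = $Id; ProcessName = $name; Name = $privName; Status = ($flags -join ' | ') }
            }
        }
        finally {
            if ($buf -ne [IntPtr]::Zero) { $M::FreeHGlobal($buf) }
            if ($tok) { $tok.Dispose() }
            $proc.Dispose()
        }
    }
}

# The shell's own token, then every process; processes you cannot open produce a warning instead of an error.
Get-TokenPrivilege | Format-Table Name, Status -AutoSize
Get-Process | Get-TokenPrivilege -WarningAction SilentlyContinue | Where-Object Name -eq 'SeDebugPrivilege' | Format-Table ProcessName, ProcessId, Status -AutoSize
```

Opening another user's process with PROCESS_QUERY_INFORMATION fails with Access Denied when the process DACL does not grant you access and SeDebugPrivilege is not enabled in your token, which is why the function warns and moves on rather than terminating the pipeline, the same choice the snapin makes for add-processowner. Because both handles live in a SafeHandle, the finally block's Dispose calls close them even when GetTokenInformation throws, and a handle value that the kernel later reuses cannot be reached through the released wrapper.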
PS. some Non-MSH stuff:
Check out the "Brrreeeport" game on the Scobleizer blog.
Check out results on
1. Technorati
2. MSN Search
3. Google
4. Yahoo
Have fun!
[Edit: Monad has now been renamed to Windows PowerShell. This script or discussion may require slight adjustments before it applies directly to newer builds.]
Tags: msh monad PowerShell
Comments:
Great Work,
(I once did this for VB.NET, could not set myself to translate it (remembered the Token part ;-))
gr /\/\o\/\/
Hey, good stuff that you have posted and converted into a snapin (must've taken a lot of time and effort :))
BTW, do you have any plan to extend your project to include other utility cmdlets? Or is the project going to be strictly "security"-related cmdlets?
Thanks.
I think an mshsnapin should only bundle related cmdlets. If I am going to release some new cmdlets, I would put them in another separate mshsnapin instead of putting them together.