Enable or Disable TokenPrivilege(s)
.\EnableAllTokenPrivs.exe
EnableAllTokenPrivs.exe -> Enable/Disable TokenPrivilege(s)
-p --pid 6969 enable/disable privilege(s) of a process
-d --disable disable privilege(s)
-P --privilege SeDebugPrivilege enable/disable just one specific privilege
-l --list list privileges
-h --help print help (this output)
Examples
enable all disabled TokenPrivileges of the calling/parent process:
EnableAllTokenPrivs.exe
list the TokenPrivileges of the calling/parent process (whoami /priv
):
EnableAllTokenPrivs.exe -l
enable the SeDebugPrivilege of the calling/parent process:
EnableAllTokenPrivs.exe -P SeDebugPrivilege
disabled the SeDebugPrivilege of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disable --privilege SeDebugPrivilege
list the TokenPrivileges of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --list
disable all enabled privileges of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disable
disable the SeDebugPrivilege of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disable --privilege SeDebugPrivilege
execute the assembly in a sacrifical process which enables all TokenPrivileges of the implant process:
execute-assembly -c EnableAllTokenPrivs.EnableAllTokenPrivs -m Main /tmp/EnableAllTokenPrivs.exe
if you just want to enable all privileges for your powershell process, you're fine using: EnableAllTokenPrivs.ps1
MSDN - OpenProcessToken
MSDN - AdjustTokenPrivileges
antonioCoco/RunasCs