Enable or Disable TokenPrivilege(s)
This program is actually pretty useless as it is just a wrapper for the AdjustTokenPrivileges() WinAPI function and enables or disables privileges on processes.
Typically, when a program needs to perform a privileged task, it will simply call AdjustTokenPrivileges to enable the privileges it needs, or disable the privileges when it is done performing that privileged task.
C:\tools>.\EnableAllTokenPrivs.exe
EnableAllTokenPrivs.exe -> Enable/Disable TokenPrivilege(s)
-p --pid 6969 enable/disable privilege(s) of a process
-d --disable disable privilege(s)
-P --privilege SeDebugPrivilege enable/disable a single privilege
-l --list list privileges
-h --help print help (this output)Examples
enable all disabled TokenPrivileges of the calling/parent process:
EnableAllTokenPrivs.exelist the TokenPrivileges of the calling/parent process (whoami /priv):
EnableAllTokenPrivs.exe -lenable the SeDebugPrivilege of the calling/parent process:
EnableAllTokenPrivs.exe -P SeDebugPrivilegedisabled the SeDebugPrivilege of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disable --privilege SeDebugPrivilegelist the TokenPrivileges of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --listdisable all enabled privileges of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disabledisable the SeDebugPrivilege of the process with PID 6969:
EnableAllTokenPrivs.exe --pid 6969 --disable --privilege SeDebugPrivilegeexecute the assembly in a sacrifical process which enables all TokenPrivileges of the implant process (idk why you would do this but you can):
execute-assembly -c EnableAllTokenPrivs.EnableAllTokenPrivs -m Main /tmp/EnableAllTokenPrivs.exe
if you just want to enable all privileges for your powershell process, you can use: EnableAllTokenPrivs.ps1
MSDN - OpenProcessToken
MSDN - AdjustTokenPrivileges
antonioCoco/RunasCs