Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.

setkernelobjectsecurity.py 4.8KB

"""Demo: edit the security descriptor of the current process object.

Enables every privilege the current token already holds, then rewrites the
process object's DACL, SACL, owner and group, verifying each write by reading
the descriptor back.  Finally the SACL is cleared again and that is verified
too.  All failures are reported with print(); nothing is raised.

Everything here targets the calling process only, but the writes still change
what the kernel enforces (DACL/owner) and audits (SACL) for that object.
"""
import win32api
import win32con
import win32process
import win32security


def _enabled(priv_name):
    """Return an (LUID, SE_PRIVILEGE_ENABLED) pair for *priv_name* on the local system."""
    luid = win32security.LookupPrivilegeValue("", priv_name)
    return (luid, win32con.SE_PRIVILEGE_ENABLED)


def _acl_or_empty(acl):
    """Return *acl*, or a fresh empty ACL when the descriptor carries none.

    A NULL DACL grants everyone access whereas an empty ACL grants no one, so
    the ACE added below becomes the only entry in that case.
    """
    if acl is None:
        return win32security.ACL()
    return acl


def _warn_unless(ok, message):
    """Print *message* when a read-back check fails (the demo only reports, never raises)."""
    if not ok:
        print(message)


## SE_RESTORE_NAME is needed to set a security descriptor's owner to anyone other
## than yourself or your primary group.  Most admin logins do not hold it by
## default, so enabling it may fail.
## NOTE: this tuple is only built for reference -- the adjust call below works
## from the privileges the token already holds (desired_privs), since privileges
## that are not in the token cannot be added by AdjustTokenPrivileges.
_PRIV_NAMES = (
    win32security.SE_SECURITY_NAME,
    win32security.SE_TCB_NAME,
    win32security.SE_SHUTDOWN_NAME,
    win32security.SE_RESTORE_NAME,
    win32security.SE_TAKE_OWNERSHIP_NAME,
    win32security.SE_CREATE_PERMANENT_NAME,
    win32security.SE_ENABLE_DELEGATION_NAME,
    win32security.SE_CHANGE_NOTIFY_NAME,
    win32security.SE_DEBUG_NAME,
    win32security.SE_PROF_SINGLE_PROCESS_NAME,
    win32security.SE_SYSTEM_PROFILE_NAME,
    win32security.SE_LOCK_MEMORY_NAME,
)
new_privs = tuple(_enabled(name) for name in _PRIV_NAMES)

## Every part of the descriptor: owner, group, DACL and SACL.
all_info = (
    win32security.OWNER_SECURITY_INFORMATION
    | win32security.GROUP_SECURITY_INFORMATION
    | win32security.DACL_SECURITY_INFORMATION
    | win32security.SACL_SECURITY_INFORMATION
)

pid = win32api.GetCurrentProcessId()
## PROCESS_ALL_ACCESS does not include ACCESS_SYSTEM_SECURITY (required to read
## or write the SACL); the handle is reopened with it further down once the
## privileges are enabled.
ph = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, 0, pid)
## TOKEN_ALL_ACCESS is broader than the adjust/query calls below need
## (TOKEN_ADJUST_PRIVILEGES was the alternative noted in the original).
th = win32security.OpenProcessToken(ph, win32security.TOKEN_ALL_ACCESS)

old_privs = win32security.GetTokenInformation(th, win32security.TokenPrivileges)
## Ask for every privilege already present in the token to be enabled.
desired_privs = tuple((luid, win32con.SE_PRIVILEGE_ENABLED) for luid, *_rest in old_privs)
modified_privs = win32security.AdjustTokenPrivileges(th, 0, desired_privs)
## Read the last error immediately -- any intervening call may overwrite it.
## A non-zero value here is presumably ERROR_NOT_ALL_ASSIGNED (1300); confirm on
## the target system if it matters.
gle = win32api.GetLastError()
if gle != 0:
    print("AdjustTokenPrivileges error:", gle)

my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
pwr_sid = win32security.LookupAccountName("", "Power Users")[0]

## Reopen the process with ACCESS_SYSTEM_SECURITY now that the privileges are enabled.
ph = win32api.OpenProcess(
    win32con.PROCESS_ALL_ACCESS | win32con.ACCESS_SYSTEM_SECURITY, 0, pid
)

sd = win32security.GetKernelObjectSecurity(ph, all_info)
dacl = _acl_or_empty(sd.GetSecurityDescriptorDacl())
sacl = _acl_or_empty(sd.GetSecurityDescriptorSacl())
## Remember the ACE counts so the read-back checks can confirm one ACE was added to each list.
dacl_ace_cnt = dacl.GetAceCount()
sacl_ace_cnt = sacl.GetAceCount()

## Grant the current user the rights needed to keep editing this object's DACL and SACL.
dacl.AddAccessAllowedAce(
    dacl.GetAclRevision(),
    win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC,
    my_sid,
)
## Audit both successful (1) and failed (1) GENERIC_ALL accesses by the current user.
sacl.AddAuditAccessAce(sacl.GetAclRevision(), win32con.GENERIC_ALL, my_sid, 1, 1)

sd.SetSecurityDescriptorDacl(1, dacl, 0)
sd.SetSecurityDescriptorSacl(1, sacl, 0)
sd.SetSecurityDescriptorGroup(pwr_sid, 0)
sd.SetSecurityDescriptorOwner(pwr_sid, 0)
win32security.SetKernelObjectSecurity(ph, all_info, sd)

## Read the descriptor back and check each of the four writes took effect.
new_sd = win32security.GetKernelObjectSecurity(ph, all_info)
_warn_unless(
    new_sd.GetSecurityDescriptorDacl().GetAceCount() == dacl_ace_cnt + 1,
    "New dacl doesnt contain extra ace ????",
)
_warn_unless(
    new_sd.GetSecurityDescriptorSacl().GetAceCount() == sacl_ace_cnt + 1,
    "New Sacl doesnt contain extra ace ????",
)
owner_name = win32security.LookupAccountSid("", new_sd.GetSecurityDescriptorOwner())[0]
_warn_unless(owner_name == "Power Users", "Owner not successfully set to Power Users !!!!!")
group_name = win32security.LookupAccountSid("", new_sd.GetSecurityDescriptorGroup())[0]
_warn_unless(group_name == "Power Users", "Group not successfully set to Power Users !!!!!")

## Clear the SACL again (present=0, acl=None), i.e. stop auditing this object,
## and confirm it reads back as NULL.
sd.SetSecurityDescriptorSacl(0, None, 0)
win32security.SetKernelObjectSecurity(ph, win32security.SACL_SECURITY_INFORMATION, sd)
new_sd_1 = win32security.GetKernelObjectSecurity(
    ph, win32security.SACL_SECURITY_INFORMATION
)
_warn_unless(
    new_sd_1.GetSecurityDescriptorSacl() is None,
    "Unable to set Sacl to NULL !!!!!!!!",
)