fgsec/SharpGetSystem

SharpGetSystem

C# implementation of the classic "GetSystem" technique using the Win32 function ImpersonateNamedPipeClient().

How this works

This code runs as both a service and a console application.

The console installs itself as a system service, creates a named pipe server with CreateNamedPipe(), and waits for the service to connect using CreateFile() with the "SECURITY_SQOS_PRESENT | SECURITY_IMPERSONATION" flags. When the connection arrives, the console calls ImpersonateNamedPipeClient(), which starts the impersonation. To launch a new process, the token is duplicated with DuplicateTokenEx() and passed to CreateProcessWithTokenW(), which spawns the process with the duplicated token.
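The sequence above leaves a trail a defender can correlate: one binary creates a named pipe in a user context, is registered as a service, and then connects to that same pipe as SYSTEM. The Python below is an added detection example, not part of SharpGetSystem; the event records are constructed, and their field names are a simplified assumption modelled on Service Control Manager event 7045 and Sysmon events 17 and 18.

```python
from datetime import datetime, timedelta

SYSTEM = r"NT AUTHORITY\SYSTEM"
# Constructed, simplified records (not real logs). "id" follows Service Control
# Manager event 7045 (service installed) and Sysmon 17/18 (pipe created/connected).
EVENTS = [
    {"id": 17, "time": "2024-01-01T10:00:00", "image": r"C:\Users\bob\tool.exe",
     "user": r"LAB\bob", "pipe": r"\demo_pipe"},
    {"id": 7045, "time": "2024-01-01T10:00:01", "service": "DemoSvc",
     "image_path": r'"C:\Users\bob\tool.exe"', "account": "LocalSystem"},
    {"id": 18, "time": "2024-01-01T10:00:03", "image": r"C:\Users\bob\tool.exe",
     "user": SYSTEM, "pipe": r"\demo_pipe"},
    # Benign noise: an app using its own pipe, and an unrelated service install.
    {"id": 17, "time": "2024-01-01T10:05:00", "image": r"C:\Program Files\App\app.exe",
     "user": r"LAB\alice", "pipe": r"\app_ipc"},
    {"id": 18, "time": "2024-01-01T10:05:01", "image": r"C:\Program Files\App\app.exe",
     "user": r"LAB\alice", "pipe": r"\app_ipc"},
    {"id": 7045, "time": "2024-01-01T10:06:00", "service": "UpdaterSvc",
     "image_path": r"C:\Program Files\Upd\upd.exe", "account": "LocalSystem"},
]

def _ts(event):
    return datetime.fromisoformat(event["time"])

def _norm(path):
    # Simplification: strips quotes only; real ImagePath values may carry arguments.
    return path.strip('"').lower()

def correlate(events, window=timedelta(seconds=60)):
    """Flag a binary that creates a pipe as a non-SYSTEM user, is installed as a
    service, and then connects to that same pipe as SYSTEM, all within `window`."""
    created = [e for e in events if e["id"] == 17 and e["user"].upper() != SYSTEM]
    installs = [e for e in events if e["id"] == 7045]
    connects = [e for e in events if e["id"] == 18 and e["user"].upper() == SYSTEM]
    alerts = []
    for c in created:
        for s in installs:
            if _norm(s["image_path"]) != _norm(c["image"]) or abs(_ts(s) - _ts(c)) > window:
                continue
            for k in connects:
                same = k["pipe"] == c["pipe"] and _norm(k["image"]) == _norm(c["image"])
                if same and timedelta(0) <= _ts(k) - _ts(s) <= window:
                    alerts.append({"image": c["image"], "pipe": c["pipe"], "service": s["service"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only the first three constructed records produce an alert; the pipe used by a single user-context application and the unrelated service install do not match.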
