diff options
| author | HarmJ0y <will@harmj0y.net> | 2016-12-20 23:13:16 -0500 |
|---|---|---|
| committer | HarmJ0y <will@harmj0y.net> | 2016-12-20 23:13:16 -0500 |
| commit | 1916464092b9f1225edfa40589203ea97ec407c9 (patch) | |
| tree | 002e96334faf3b2e27bb38df73bccac1bbfd4bc5 /Privesc | |
| parent | 98539005781d96be19f8d6820078383410bbe16a (diff) | |
| download | PowerSploit-1916464092b9f1225edfa40589203ea97ec407c9.tar.gz PowerSploit-1916464092b9f1225edfa40589203ea97ec407c9.zip | |
bug fix in Get-TokenInformation
Diffstat (limited to 'Privesc')
| -rw-r--r-- | Privesc/PowerUp.ps1 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1 index 9c3d622..42b97ba 100644 --- a/Privesc/PowerUp.ps1 +++ b/Privesc/PowerUp.ps1 @@ -999,10 +999,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx # initial query to determine the necessary buffer size $TokenGroupsPtrSize = 0 - $Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize) + $Success = $Advapi32::GetTokenInformation($TokenHandle, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize) [IntPtr]$TokenGroupsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenGroupsPtrSize) - $Success = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + $Success = $Advapi32::GetTokenInformation($TokenHandle, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() if ($Success) { $TokenGroups = $TokenGroupsPtr -as $TOKEN_GROUPS @@ -1036,10 +1036,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx # initial query to determine the necessary buffer size $TokenPrivilegesPtrSize = 0 - $Success = $Advapi32::GetTokenInformation($hProcToken, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize) + $Success = $Advapi32::GetTokenInformation($TokenHandle, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize) [IntPtr]$TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivilegesPtrSize) - $Success = $Advapi32::GetTokenInformation($hProcToken, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + $Success = $Advapi32::GetTokenInformation($TokenHandle, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() if ($Success) { $TokenPrivileges = $TokenPrivilegesPtr -as $TOKEN_PRIVILEGES |