From 1916464092b9f1225edfa40589203ea97ec407c9 Mon Sep 17 00:00:00 2001
From: HarmJ0y <will@harmj0y.net>
Date: Tue, 20 Dec 2016 23:13:16 -0500
Subject: bug fix in Get-TokenInformation

---
 Privesc/PowerUp.ps1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'Privesc')

diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 9c3d622..42b97ba 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -999,10 +999,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
 
             # initial query to determine the necessary buffer size
             $TokenGroupsPtrSize = 0
-            $Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
+            $Success = $Advapi32::GetTokenInformation($TokenHandle, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
             [IntPtr]$TokenGroupsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenGroupsPtrSize)
 
-            $Success = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
+            $Success = $Advapi32::GetTokenInformation($TokenHandle, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
 
             if ($Success) {
                 $TokenGroups = $TokenGroupsPtr -as $TOKEN_GROUPS
@@ -1036,10 +1036,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
 
             # initial query to determine the necessary buffer size
             $TokenPrivilegesPtrSize = 0
-            $Success = $Advapi32::GetTokenInformation($hProcToken, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize)
+            $Success = $Advapi32::GetTokenInformation($TokenHandle, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize)
             [IntPtr]$TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivilegesPtrSize)
 
-            $Success = $Advapi32::GetTokenInformation($hProcToken, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
+            $Success = $Advapi32::GetTokenInformation($TokenHandle, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
 
             if ($Success) {
                 $TokenPrivileges = $TokenPrivilegesPtr -as $TOKEN_PRIVILEGES
-- 
cgit v1.2.3