From 0aaa23cd8656f0b92f2fac3cd8e6be68eed7d809 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Mon, 12 Dec 2016 21:05:08 -0500 Subject: first take at platyPS doc generation --- docs/Recon/Invoke-UserImpersonation.md | 100 +++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100755 docs/Recon/Invoke-UserImpersonation.md (limited to 'docs/Recon/Invoke-UserImpersonation.md') diff --git a/docs/Recon/Invoke-UserImpersonation.md b/docs/Recon/Invoke-UserImpersonation.md new file mode 100755 index 0000000..6b1afc4 --- /dev/null +++ b/docs/Recon/Invoke-UserImpersonation.md @@ -0,0 +1,100 @@ +# Invoke-UserImpersonation + +## SYNOPSIS +Creates a new "runas /netonly" type logon and impersonates the token. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect + +## SYNTAX + +### Credential (Default) +``` +Invoke-UserImpersonation -Credential [-Quiet] +``` + +### TokenHandle +``` +Invoke-UserImpersonation -TokenHandle [-Quiet] +``` + +## DESCRIPTION +This function uses LogonUser() with the LOGON32_LOGON_NEW_CREDENTIALS LogonType +to simulate "runas /netonly". +The resulting token is then impersonated with +ImpersonateLoggedOnUser() and the token handle is returned for later usage +with Invoke-RevertToSelf. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +``` + +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Invoke-UserImpersonation -Credential $Cred + +## PARAMETERS + +### -Credential +A \[Management.Automation.PSCredential\] object with alternate credentials +to impersonate in the current thread space. + +```yaml +Type: PSCredential +Parameter Sets: Credential +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TokenHandle +An IntPtr TokenHandle returned by a previous Invoke-UserImpersonation. +If this is supplied, LogonUser() is skipped and only ImpersonateLoggedOnUser() +is executed. + +```yaml +Type: IntPtr +Parameter Sets: TokenHandle +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Quiet +Suppress any warnings about STA vs MTA. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +### IntPtr + +The TokenHandle result from LogonUser. + +## NOTES + +## RELATED LINKS + -- cgit v1.2.3