Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PowerUp: Allocate enough space for TOKEN_GROUPS 

Make an initial call to GetTokenInformation() with a NULL buffer to get
the actual buffer size required. Prevents "The data area passed to a system
call is too small" error being thrown.
This commit is contained in:
Jon Cave 2016-06-29 16:23:45 +02:00
parent 81ac124f22
commit 9d2b9d7631
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Privesc/PowerUp.ps1
View File

@ -974,17 +974,16 @@ function Get-CurrentUserTokenGroupSid {
$Success = $Advapi32::OpenProcessToken($CurrentProcess, $TOKEN_QUERY, [ref]$hProcToken);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
if($Success) {
$TokenGroupsPtrSize = $TOKEN_GROUPS::GetSize()
$TokenGroupsPtrSize = 0
# Initial query to determine the necessary buffer size
$Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
[IntPtr]$TokenGroupsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenGroupsPtrSize)
[UInt32]$RealSize = 0
# query the current process token with the 'TokenGroups=2' TOKEN_INFORMATION_CLASS enum to retrieve a TOKEN_GROUPS structure
$Success2 = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
$Success = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
if($Success2) {
if($Success) {
$TokenGroups = $TokenGroupsPtr -as $TOKEN_GROUPS