function force-mkdir($path) {
    # Ensure a directory exists at $path; nothing is created (and nothing is
    # written to the pipeline) when something is already present there.
    $alreadyThere = Test-Path $path
    if ($alreadyThere) {
        return
    }

    # New-Item emits the created DirectoryInfo, which becomes this function's output.
    New-Item -ItemType Directory -Force -Path $path
}
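function Takeown-Registry($key) {
    <#
    .SYNOPSIS
    Makes BUILTIN\Administrators the owner of a registry key and grants that
    group FullControl on it.

    .PARAMETER key
    Full key path starting with HKEY_CLASSES_ROOT, HKEY_CURRENT_USER or
    HKEY_LOCAL_MACHINE, followed by a backslash and the sub key path.

    .NOTES
    This permanently weakens the key's access control: the previous owner is
    replaced and is not recorded here, so the change cannot be undone from this
    function. Run with -Verbose (or log at the call site) so the modified keys
    can be audited and restored later.
    Presumably the caller must already hold SeTakeOwnershipPrivilege - confirm
    against the calling script.
    #>

    # TODO does not work for all root keys yet
    # Start from $null so a $reg variable in a parent scope is never picked up
    # when the root key is not one of the supported hives.
    $hive = $null
    $rootName = $key.split('\')[0]
    switch ($rootName) {
        "HKEY_CLASSES_ROOT" {
            $hive = [Microsoft.Win32.Registry]::ClassesRoot
        }
        "HKEY_CURRENT_USER" {
            $hive = [Microsoft.Win32.Registry]::CurrentUser
        }
        "HKEY_LOCAL_MACHINE" {
            $hive = [Microsoft.Win32.Registry]::LocalMachine
        }
    }

    if ($null -eq $hive) {
        Write-Error "Takeown-Registry: unsupported root key '$rootName' in '$key'."
        return
    }

    # The sub key path is everything after "<root>\"; refuse a bare hive name
    # instead of failing inside Substring.
    if ($key.Length -le ($rootName.Length + 1)) {
        Write-Error "Takeown-Registry: '$key' names a hive but no sub key."
        return
    }
    $subKeyPath = $key.Substring($rootName.Length + 1)

    # get administrators group (well-known SID S-1-5-32-544)
    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
    $admins = $admins.Translate([System.Security.Principal.NTAccount])

    # OpenSubKey returns $null when the key does not exist.
    # NOTE(review): the handle is opened with only the TakeOwnership right;
    # confirm GetAccessControl() succeeds with it on keys where Administrators
    # has no read access yet.
    $regKey = $hive.OpenSubKey($subKeyPath, "ReadWriteSubTree", "TakeOwnership")
    if ($null -eq $regKey) {
        Write-Error "Takeown-Registry: registry key '$key' was not found."
        return
    }

    try {
        Write-Verbose "Takeown-Registry: setting owner of '$key' to $admins and granting FullControl"

        # set owner
        $acl = $regKey.GetAccessControl()
        $acl.SetOwner($admins)
        $regKey.SetAccessControl($acl)

        # set FullControl
        $acl = $regKey.GetAccessControl()
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
        $acl.SetAccessRule($rule)
        $regKey.SetAccessControl($acl)
    }
    finally {
        # Release the registry handle even when one of the ACL calls fails.
        $regKey.Close()
    }
}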
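function Takeown-File($path) {
    <#
    .SYNOPSIS
    Gives ownership of a file or folder to the Administrators group and adds a
    FullControl allow rule for that group on the object itself.

    .PARAMETER path
    Path of the file or folder to modify.

    .NOTES
    The rule uses inheritance and propagation flags "None", so it applies to
    this object only. The previous owner is not recorded; log the paths at the
    call site if the change has to be audited or reverted.
    #>

    # /A assigns ownership to the Administrators group rather than the current user.
    takeown.exe /A /F $path
    if ($LASTEXITCODE -ne 0) {
        # Do not go on to rewrite the ACL of an object we failed to take over.
        Write-Error "Takeown-File: takeown.exe failed for '$path' (exit code $LASTEXITCODE); ACL left unchanged."
        return
    }

    $acl = Get-Acl $path

    # get administrators group (well-known SID S-1-5-32-544)
    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
    $admins = $admins.Translate([System.Security.Principal.NTAccount])

    # add FullControl for BUILTIN\Administrators (not NT AUTHORITY\SYSTEM)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
    $acl.AddAccessRule($rule)

    Set-Acl -Path $path -AclObject $acl
}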
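function Takeown-Folder($path) {
    <#
    .SYNOPSIS
    Applies Takeown-File to a folder and, recursively, to everything below it.

    .PARAMETER path
    Path of the folder to start from.

    .NOTES
    Get-ChildItem is called without -Force, so hidden and system items are not
    visited. Directory junctions and symbolic links get their own entry
    processed but are not descended into, so the ownership change stays inside
    the tree rooted at $path.
    #>

    Takeown-File $path

    foreach ($item in Get-ChildItem $path) {
        # Decide from the item itself: converting $item to a string for
        # Test-Path can yield only the name, which is then resolved against the
        # current directory instead of $path.
        if (-not $item.PSIsContainer) {
            Takeown-File $item.FullName
            continue
        }

        $isLink = ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0
        if ($isLink) {
            # Following a reparse point could rewrite ACLs outside the intended tree.
            Takeown-File $item.FullName
            continue
        }

        Takeown-Folder $item.FullName
    }
}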
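function Elevate-Privileges {
    <#
    .SYNOPSIS
    Enables a named privilege in the access token of the current PowerShell process.

    .PARAMETER Privilege
    Privilege name passed to LookupPrivilegeValue, for example SeTakeOwnershipPrivilege.

    .OUTPUTS
    System.Boolean. True only when the privilege was actually enabled; false
    when the token could not be opened, the name is unknown, or the token does
    not hold the privilege. Callers should check the result before relying on
    the privilege.

    .NOTES
    The privilege stays enabled for the lifetime of the process; nothing here
    disables it again.
    #>
    param($Privilege)

    $Definition = @"
using System;
using System.Runtime.InteropServices;

public class AdjPriv {
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);

    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);

    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);

    [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool CloseHandle(IntPtr handle);

    // Mirrors a TOKEN_PRIVILEGES structure holding exactly one LUID_AND_ATTRIBUTES entry.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid {
        public int Count;
        public long Luid;
        public int Attr;
    }

    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    internal const int ERROR_NOT_ALL_ASSIGNED = 1300;

    // Enables the named privilege on the token of the given process handle.
    // Returns false as soon as any step fails instead of reporting only the
    // outcome of the last call.
    public static bool EnablePrivilege(long processHandle, string privilege) {
        IntPtr hproc = new IntPtr(processHandle);
        IntPtr htok = IntPtr.Zero;

        if (!OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok)) {
            return false;
        }

        try {
            TokPriv1Luid tp;
            tp.Count = 1;
            tp.Luid = 0;
            tp.Attr = SE_PRIVILEGE_ENABLED;

            if (!LookupPrivilegeValue(null, privilege, ref tp.Luid)) {
                return false;
            }

            if (!AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)) {
                return false;
            }

            // AdjustTokenPrivileges reports success even when the token does not
            // hold the privilege; that case is only visible through the last error.
            return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
        }
        finally {
            // The token handle is ours to release once the adjustment is done.
            CloseHandle(htok);
        }
    }
}
"@

    $ProcessHandle = (Get-Process -id $pid).Handle
    $type = Add-Type $definition -PassThru
    # Add-Type -PassThru returns every type in the definition; AdjPriv is the first.
    $type[0]::EnablePrivilege($processHandle, $Privilege)
}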