
Untitled

a guest
Feb 18th, 2019
  1. /*TODO: Make a dynamic load of Advapi and Netapi*/
  2. #define _CRT_SECURE_NO_WARNINGS
  3. #include "libs.h"
  4.  
  /* ---- Process-wide state ---- */

  /* LSA Policy handle used by the account-rights functions below;
     main() assigns it from ReceivePolicyHandle(). */
  LSA_HANDLE g_PolicyHandle = NULL;

  /* Host name of the target system. Every LSA and NetAPI call visible in this
     file passes NULL (the local machine) as its server/system name. */
  WCHAR g_SystemName[] = L"DESKTOP-Alexander";

  /* Module handles for Advapi32.dll and NetApi32.dll; main() loads them and
     the functions below resolve their entry points through GetProcAddress. */
  HMODULE hmAdvModule = NULL;
  HMODULE hmNetModule = NULL;
  10.  
  11.  
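  /*
   * Opens the LSA Policy object of the local machine and returns its handle.
   *
   * LsaOpenPolicy is resolved from hmAdvModule and called with a NULL system
   * name. If the entry point cannot be resolved or the call fails, the process
   * is terminated with exit(1), so a caller only ever sees a valid handle.
   *
   * Returns: the Policy handle; the caller releases it with LsaClose.
   */
  LSA_HANDLE ReceivePolicyHandle()
  {
      LsaOpenPolicy_t myLsaOpenPolicy = (LsaOpenPolicy_t)GetProcAddress(hmAdvModule, "LsaOpenPolicy");
      if (myLsaOpenPolicy == NULL)
      {
          // GetProcAddress fails when the module was not loaded or lacks the export;
          // calling through the null pointer would crash the process.
          printf("LsaOpenPolicy could not be resolved: %lu\n", GetLastError());
          exit(1);
      }

      // The attributes structure is not used by LsaOpenPolicy but must be zeroed.
      LSA_OBJECT_ATTRIBUTES ObjectAttr;
      ZeroMemory(&ObjectAttr, sizeof(ObjectAttr));

      LSA_HANDLE PolicyHandle = NULL;

      // NOTE(review): POLICY_ALL_ACCESS is much broader than the enumerate / add /
      // remove account-rights calls in this file appear to need. Consider narrowing
      // the mask (e.g. POLICY_LOOKUP_NAMES | POLICY_CREATE_ACCOUNT) after confirming
      // the requirements of each LSA call against the documentation.
      NTSTATUS ErrorStatus = myLsaOpenPolicy(
          NULL,
          &ObjectAttr,
          POLICY_ALL_ACCESS | POLICY_LOOKUP_NAMES,
          &PolicyHandle
      );

      if (ErrorStatus != 0)
      {
          // 0xC0000022 (STATUS_ACCESS_DENIED) means the program was not started
          // from an elevated prompt.
          printf("LsaOpenPolicy failed: 0x%lx\n", (unsigned long)ErrorStatus);
          exit(1);
      }

      printf("PolicyHandle was successfully received.\n");
      return PolicyHandle;
  }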
  /* Prints the numbered command menu to stdout, one entry per line. */
  void PrintInterface()
  {
      static const char *const kMenuLines[] = {
          "Next commands are available:",
          "/------------------------------------------------------/",
          "1 - Display information about system users",
          "2 - Display information about local system groups",
          "3 - Display information about global system groups",
          "4 - Create a user",
          "5 - Delete a user",
          "6 - Create a group",
          "7 - Delete a group",
          "8 - Add privilege to a user",
          "9 - Delete user's privilege",
          "10 - Add privilege to a group",
          "11 - Delete group's privilege",
          "/------------------------------------------------------/",
      };
      const size_t kLineCount = sizeof(kMenuLines) / sizeof(kMenuLines[0]);

      for (size_t idx = 0; idx < kLineCount; ++idx)
          puts(kMenuLines[idx]);
  }
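  /*
   * Prints, for every normal user account on the local machine: name, SID,
   * privilege level, LSA account rights, comment and local group membership.
   *
   * All entry points are resolved from hmNetModule / hmAdvModule. Every buffer
   * handed back by the system is released with the allocator that owns it:
   * NetApiBufferFree for NetAPI buffers, LocalFree for the SID string and
   * LsaFreeMemory for the rights array.
   */
  void ShowUsersInfo()
  {
      // Local prototype so NetApiBufferFree can be resolved from hmNetModule like
      // the other NetAPI entry points.
      typedef NET_API_STATUS (NET_API_FUNCTION *NetApiBufferFree_fn)(LPVOID);

      printf("Information about users: \n");

      NetUserEnum_t myNetUserEnum = (NetUserEnum_t)GetProcAddress(hmNetModule, "NetUserEnum");
      NetUserGetInfo_t myNetUserGetInfo = (NetUserGetInfo_t)GetProcAddress(hmNetModule, "NetUserGetInfo");
      ConvertSidToStringSidA_t myConvertSidToStringSidA = (ConvertSidToStringSidA_t)GetProcAddress(hmAdvModule, "ConvertSidToStringSidA");
      NetUserGetLocalGroups_t myNetUserGetLocalGroups = (NetUserGetLocalGroups_t)GetProcAddress(hmNetModule, "NetUserGetLocalGroups");
      LsaEnumerateAccountRights_t myLsaEnumerateAccountRights = (LsaEnumerateAccountRights_t)GetProcAddress(hmAdvModule, "LsaEnumerateAccountRights");
      NetApiBufferFree_fn myNetApiBufferFree = (NetApiBufferFree_fn)GetProcAddress(hmNetModule, "NetApiBufferFree");

      if (myNetUserEnum == NULL || myNetUserGetInfo == NULL || myConvertSidToStringSidA == NULL ||
          myNetUserGetLocalGroups == NULL || myLsaEnumerateAccountRights == NULL || myNetApiBufferFree == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      DWORD dwResumeHandle = 0;
      DWORD dwUserIndex = 0;
      NET_API_STATUS ErrorStatus;

      // NetUserEnum may return the accounts in several batches (ERROR_MORE_DATA);
      // the resume handle carries the position from one call to the next.
      do
      {
          LPUSER_INFO_3 InfoBuffer = NULL;
          DWORD dwEntriesRead = 0;
          DWORD dwTotalEntries = 0;

          ErrorStatus = myNetUserEnum(
              NULL,
              3,
              FILTER_NORMAL_ACCOUNT,
              (BYTE**)&InfoBuffer,
              MAX_PREFERRED_LENGTH,
              &dwEntriesRead,
              &dwTotalEntries,
              &dwResumeHandle);

          const bool HaveEntries =
              (ErrorStatus == NERR_Success || ErrorStatus == ERROR_MORE_DATA) && InfoBuffer != NULL;
          if (ErrorStatus != NERR_Success && ErrorStatus != ERROR_MORE_DATA)
              printf("NetUserEnum failed: %lu\n", (unsigned long)ErrorStatus);

          // Index the buffer instead of advancing InfoBuffer: the base pointer is
          // needed afterwards to free the allocation.
          for (DWORD i = 0; HaveEntries && i < dwEntriesRead; i++)
          {
              const USER_INFO_3 *User = &InfoBuffer[i];

              printf("\t\t\t%lu\nUser's name: ", (unsigned long)dwUserIndex++);
              _putws(User->usri3_name);

              // Level 23 carries the account SID; the call can fail, in which case
              // there is no SID to print or to query rights for.
              LPUSER_INFO_23 SidInfo = NULL;
              NET_API_STATUS InfoStatus = myNetUserGetInfo(NULL, User->usri3_name, 23, (BYTE**)&SidInfo);
              PSID UserSid = (InfoStatus == NERR_Success && SidInfo != NULL) ? SidInfo->usri23_user_sid : NULL;

              printf("User's SID: ");
              // ConvertSidToStringSid allocates the string itself (LocalAlloc), so no
              // buffer is pre-allocated and the result is released with LocalFree.
              char *SidString = NULL;
              if (UserSid != NULL)
                  myConvertSidToStringSidA(UserSid, &SidString);
              if (SidString != NULL)
              {
                  printf("%s\n", SidString);
                  LocalFree(SidString);
              }
              else
                  printf("<unavailable>\n");

              switch (User->usri3_priv)
              {
              case USER_PRIV_GUEST:
                  printf("User's level of privilege: USER_PRIV_GUEST - Guest\n");
                  break;
              case USER_PRIV_USER:
                  printf("User's level of privilege: USER_PRIV_USER - User\n");
                  break;
              case USER_PRIV_ADMIN:
                  printf("User's level of privilege: USER_PRIV_ADMIN - Administrator\n");
                  break;
              default:
                  break;
              }

              printf("User's privilegies: ");
              PLSA_UNICODE_STRING RightsList = NULL;
              ULONG RightsCounter = 0;
              if (UserSid != NULL)
                  myLsaEnumerateAccountRights(g_PolicyHandle, UserSid, &RightsList, &RightsCounter);
              if (RightsList == NULL || RightsCounter == 0)
                  printf("NULL\n");
              else
              {
                  // LSA_UNICODE_STRING is length-counted and not guaranteed to be
                  // NUL-terminated, so the print is bounded by Length.
                  for (ULONG r = 0; r < RightsCounter; r++)
                      wprintf(L"%.*s ", (int)(RightsList[r].Length / sizeof(WCHAR)), RightsList[r].Buffer);
                  printf("\n");
              }
              if (RightsList != NULL)
                  LsaFreeMemory(RightsList);

              printf("User's comment: ");
              _putws(User->usri3_comment != NULL ? User->usri3_comment : L"");

              printf("User's local groups: ");
              LPLOCALGROUP_USERS_INFO_0 GroupsBuffer = NULL;
              DWORD dwEntriesReadGroups = 0;
              DWORD dwTotalEntriesGroups = 0;
              myNetUserGetLocalGroups(
                  NULL,
                  User->usri3_name,
                  0,
                  LG_INCLUDE_INDIRECT,
                  (BYTE**)&GroupsBuffer,
                  MAX_PREFERRED_LENGTH,
                  &dwEntriesReadGroups,
                  &dwTotalEntriesGroups
              );
              if (GroupsBuffer != NULL)
              {
                  // Plain indexing: stepping the pointer and indexing with the same
                  // counter would skip entries and read past the end of the buffer.
                  for (DWORD g = 0; g < dwEntriesReadGroups; g++)
                      wprintf(L"%s\n", GroupsBuffer[g].lgrui0_name);
                  myNetApiBufferFree(GroupsBuffer);
              }
              else
                  printf("NULL\n");

              if (SidInfo != NULL)
                  myNetApiBufferFree(SidInfo);
          }

          if (InfoBuffer != NULL)
              myNetApiBufferFree(InfoBuffer);
      } while (ErrorStatus == ERROR_MORE_DATA);

      printf("\n");
  }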
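  /*
   * Prints name, SID, LSA account rights and comment of every local group on
   * the local machine.
   *
   * The group SID is obtained with the usual two-step LookupAccountNameW call
   * (size query, then the real lookup). All buffers are released with the
   * allocator that owns them.
   */
  void ShowLocalGroups()
  {
      // Local prototype so NetApiBufferFree can be resolved from hmNetModule like
      // the other NetAPI entry points.
      typedef NET_API_STATUS (NET_API_FUNCTION *NetApiBufferFree_fn)(LPVOID);

      NetLocalGroupEnum_t myNetLocalGroupEnum = (NetLocalGroupEnum_t)GetProcAddress(hmNetModule, "NetLocalGroupEnum");
      ConvertSidToStringSidA_t myConvertSidToStringSidA = (ConvertSidToStringSidA_t)GetProcAddress(hmAdvModule, "ConvertSidToStringSidA");
      LsaEnumerateAccountRights_t myLsaEnumerateAccountRights = (LsaEnumerateAccountRights_t)GetProcAddress(hmAdvModule, "LsaEnumerateAccountRights");
      NetApiBufferFree_fn myNetApiBufferFree = (NetApiBufferFree_fn)GetProcAddress(hmNetModule, "NetApiBufferFree");

      printf("Information about local groups: \n");

      if (myNetLocalGroupEnum == NULL || myConvertSidToStringSidA == NULL ||
          myLsaEnumerateAccountRights == NULL || myNetApiBufferFree == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      // NOTE(review): the documented NetLocalGroupEnum prototype takes a PDWORD_PTR
      // resume handle. Confirm that NetLocalGroupEnum_t in libs.h agrees with the
      // type used here; on a 64-bit build a mismatch lets the API write past a DWORD.
      DWORD dwResumeHandle = 0;
      DWORD dwGroupIndex = 0;
      NET_API_STATUS ErrorStatus;

      do
      {
          LPLOCALGROUP_INFO_1 InfoBuffer = NULL;
          DWORD dwEntriesRead = 0;
          DWORD dwTotalEntries = 0;

          ErrorStatus = myNetLocalGroupEnum(NULL, 1, (BYTE**)&InfoBuffer, MAX_PREFERRED_LENGTH, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);

          const bool HaveEntries =
              (ErrorStatus == NERR_Success || ErrorStatus == ERROR_MORE_DATA) && InfoBuffer != NULL;
          if (ErrorStatus != NERR_Success && ErrorStatus != ERROR_MORE_DATA)
              printf("NetLocalGroupEnum failed: %lu\n", (unsigned long)ErrorStatus);

          // Index the buffer instead of advancing InfoBuffer so the base pointer
          // stays available for NetApiBufferFree.
          for (DWORD i = 0; HaveEntries && i < dwEntriesRead; i++)
          {
              const LOCALGROUP_INFO_1 *Group = &InfoBuffer[i];

              printf("\t\t\t%lu\nGroup's name: ", (unsigned long)dwGroupIndex++);
              _putws(Group->lgrpi1_name);

              printf("Group's SID: ");
              DWORD SIDSize = 0;
              DWORD cchReferencedDomainName = 0;
              SID_NAME_USE peUse;

              // Size query: expected to fail while reporting the required sizes.
              LookupAccountNameW(NULL, Group->lgrpi1_name, NULL, &SIDSize, NULL, &cchReferencedDomainName, &peUse);

              PSID GroupSID = NULL;
              LPWSTR ReferencedDomainName = NULL;
              BOOL HaveSid = FALSE;
              if (SIDSize != 0)
              {
                  GroupSID = (PSID)malloc(SIDSize);
                  // cchReferencedDomainName counts WCHARs, not bytes; allocating only
                  // that many bytes lets the lookup write past the end of the buffer.
                  ReferencedDomainName = (LPWSTR)malloc((cchReferencedDomainName != 0 ? cchReferencedDomainName : 1) * sizeof(WCHAR));
                  if (GroupSID != NULL && ReferencedDomainName != NULL)
                      HaveSid = LookupAccountNameW(NULL, Group->lgrpi1_name, GroupSID, &SIDSize, ReferencedDomainName, &cchReferencedDomainName, &peUse);
              }

              // ConvertSidToStringSid allocates the string itself (LocalAlloc), so no
              // buffer is pre-allocated and the result is released with LocalFree.
              char *SIDString = NULL;
              if (HaveSid)
                  myConvertSidToStringSidA(GroupSID, &SIDString);
              if (SIDString != NULL)
              {
                  printf("%s\n", SIDString);
                  LocalFree(SIDString);
              }
              else
                  printf("<unavailable>\n");

              printf("Group's privilegies: ");
              PLSA_UNICODE_STRING RightsList = NULL;
              ULONG RightsCounter = 0;
              if (HaveSid)
                  myLsaEnumerateAccountRights(g_PolicyHandle, GroupSID, &RightsList, &RightsCounter);
              if (RightsList == NULL || RightsCounter == 0)
                  printf("NULL\n");
              else
              {
                  // LSA_UNICODE_STRING is length-counted and not guaranteed to be
                  // NUL-terminated, so the print is bounded by Length.
                  for (ULONG r = 0; r < RightsCounter; r++)
                      wprintf(L"%.*s ", (int)(RightsList[r].Length / sizeof(WCHAR)), RightsList[r].Buffer);
                  printf("\n");
              }
              if (RightsList != NULL)
                  LsaFreeMemory(RightsList);

              printf("Group's comment: %S\n", Group->lgrpi1_comment != NULL ? Group->lgrpi1_comment : L"");

              free(GroupSID);
              free(ReferencedDomainName);
          }

          if (InfoBuffer != NULL)
              myNetApiBufferFree(InfoBuffer);
      } while (ErrorStatus == ERROR_MORE_DATA);

      printf("\n");
  }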
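  /*
   * Prints name, SID, LSA account rights and comment of every global group
   * returned by NetGroupEnum for the local machine.
   *
   * The SID and comment come from a per-group NetGroupGetInfo call at level 3;
   * when that call fails the group is still listed, without SID and rights.
   */
  void ShowGlobalGroups()
  {
      // Local prototype so NetApiBufferFree can be resolved from hmNetModule like
      // the other NetAPI entry points.
      typedef NET_API_STATUS (NET_API_FUNCTION *NetApiBufferFree_fn)(LPVOID);

      printf("Information about global groups: \n");

      ConvertSidToStringSidA_t myConvertSidToStringSidA = (ConvertSidToStringSidA_t)GetProcAddress(hmAdvModule, "ConvertSidToStringSidA");
      LsaEnumerateAccountRights_t myLsaEnumerateAccountRights = (LsaEnumerateAccountRights_t)GetProcAddress(hmAdvModule, "LsaEnumerateAccountRights");
      NetGroupEnum_t myNetGroupEnum = (NetGroupEnum_t)GetProcAddress(hmNetModule, "NetGroupEnum");
      NetGroupGetInfo_t myNetGroupGetInfo = (NetGroupGetInfo_t)GetProcAddress(hmNetModule, "NetGroupGetInfo");
      NetApiBufferFree_fn myNetApiBufferFree = (NetApiBufferFree_fn)GetProcAddress(hmNetModule, "NetApiBufferFree");

      if (myConvertSidToStringSidA == NULL || myLsaEnumerateAccountRights == NULL ||
          myNetGroupEnum == NULL || myNetGroupGetInfo == NULL || myNetApiBufferFree == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      // NOTE(review): the documented NetGroupEnum prototype takes a PDWORD_PTR
      // resume handle. Confirm that NetGroupEnum_t in libs.h agrees with the type
      // used here; on a 64-bit build a mismatch lets the API write past a DWORD.
      DWORD dwResumeHandle = 0;
      DWORD dwGroupIndex = 0;
      NET_API_STATUS ErrorStatus;

      do
      {
          GROUP_INFO_2 *InfoBuffer = NULL;
          DWORD dwEntriesRead = 0;
          DWORD dwTotalEntries = 0;

          ErrorStatus = myNetGroupEnum(NULL, 2, (BYTE**)&InfoBuffer, MAX_PREFERRED_LENGTH, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);

          const bool HaveEntries =
              (ErrorStatus == NERR_Success || ErrorStatus == ERROR_MORE_DATA) && InfoBuffer != NULL;
          if (ErrorStatus != NERR_Success && ErrorStatus != ERROR_MORE_DATA)
              printf("NetGroupEnum failed: %lu\n", (unsigned long)ErrorStatus);

          // Index the buffer instead of advancing InfoBuffer so the base pointer
          // stays available for NetApiBufferFree.
          for (DWORD i = 0; HaveEntries && i < dwEntriesRead; i++)
          {
              const GROUP_INFO_2 *Group = &InfoBuffer[i];

              printf("\t\t\t%lu\nGroup's name: ", (unsigned long)dwGroupIndex++);
              _putws(Group->grpi2_name);

              // The detail call can fail; without this check a NULL TempBuffer
              // would be dereferenced below.
              GROUP_INFO_3 *TempBuffer = NULL;
              NET_API_STATUS InfoStatus = myNetGroupGetInfo(NULL, Group->grpi2_name, 3, (LPBYTE*)&TempBuffer);
              const bool HaveDetail = (InfoStatus == NERR_Success && TempBuffer != NULL);
              PSID GroupSid = HaveDetail ? TempBuffer->grpi3_group_sid : NULL;

              printf("Group's SID: ");
              // ConvertSidToStringSid allocates the string itself (LocalAlloc), so no
              // buffer is pre-allocated and the result is released with LocalFree.
              char *SIDString = NULL;
              if (GroupSid != NULL)
                  myConvertSidToStringSidA(GroupSid, &SIDString);
              if (SIDString != NULL)
              {
                  printf("%s\n", SIDString);
                  LocalFree(SIDString);
              }
              else
                  printf("<unavailable>\n");

              printf("Group's privilgies: ");
              PLSA_UNICODE_STRING RightsList = NULL;
              ULONG RightsCounter = 0;
              if (GroupSid != NULL)
                  myLsaEnumerateAccountRights(g_PolicyHandle, GroupSid, &RightsList, &RightsCounter);
              if (RightsList == NULL || RightsCounter == 0)
                  printf("NULL\n");
              else
              {
                  // LSA_UNICODE_STRING is length-counted and not guaranteed to be
                  // NUL-terminated, so the print is bounded by Length.
                  for (ULONG r = 0; r < RightsCounter; r++)
                      wprintf(L"%.*s ", (int)(RightsList[r].Length / sizeof(WCHAR)), RightsList[r].Buffer);
                  printf("\n");
              }
              if (RightsList != NULL)
                  LsaFreeMemory(RightsList);

              printf("Group's comment: %S\n",
                     (HaveDetail && TempBuffer->grpi3_comment != NULL) ? TempBuffer->grpi3_comment : L"");

              if (TempBuffer != NULL)
                  myNetApiBufferFree(TempBuffer);
          }

          if (InfoBuffer != NULL)
              myNetApiBufferFree(InfoBuffer);
      } while (ErrorStatus == ERROR_MORE_DATA);

      printf("\n");
  }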
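  /*
   * Prompts for a login and a password and creates a local user account with
   * NetUserAdd (information level 1, privilege USER_PRIV_USER).
   *
   * Both inputs are read with an explicit field width so they cannot overrun
   * their buffers, and input longer than the buffer is rejected instead of
   * being truncated. The password buffer is wiped before returning.
   *
   * NOTE(review): the password is typed with console echo enabled and may
   * contain no whitespace; consider a no-echo prompt.
   */
  void CreateUser()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR login[21] = L"";     // user account names are limited to 20 characters
      WCHAR password[64] = L"";

      printf("Enter user's login: ");
      if (_tscanf("%20S", login) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long login.\n\n");
          return;
      }
      printf("Enter user's password: ");
      if (_tscanf("%63S", password) != 1 || !EndsCleanly())
      {
          SecureZeroMemory(password, sizeof(password));
          printf("Invalid or too long password.\n\n");
          return;
      }

      NetUserAdd_t myNetUserAdd = (NetUserAdd_t)GetProcAddress(hmNetModule, "NetUserAdd");
      if (myNetUserAdd == NULL)
      {
          SecureZeroMemory(password, sizeof(password));
          printf("NetUserAdd could not be resolved.\n\n");
          return;
      }

      //Filling in all information about user
      WCHAR comment[] = L"A new user";
      USER_INFO_1 UserInfo;
      ZeroMemory(&UserInfo, sizeof(UserInfo));   // no field is left uninitialized
      UserInfo.usri1_name = login;
      UserInfo.usri1_password = password;
      UserInfo.usri1_priv = USER_PRIV_USER;
      UserInfo.usri1_comment = comment;
      UserInfo.usri1_flags = UF_SCRIPT;
      UserInfo.usri1_home_dir = NULL;
      UserInfo.usri1_script_path = NULL;

      DWORD inform_level = 1;
      DWORD error_info = 0;   // receives the index of the offending member on ERROR_INVALID_PARAMETER
      NET_API_STATUS ErrorStatus = myNetUserAdd(NULL, inform_level, (LPBYTE)&UserInfo, &error_info);

      // The clear-text password is no longer needed once the call has returned.
      SecureZeroMemory(password, sizeof(password));

      if (ErrorStatus == NERR_Success)
      {
          printf("Successfully created a new user.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ErrorStatus);
          if (ErrorStatus == ERROR_INVALID_PARAMETER)
              printf("Invalid member index: %lu\n", (unsigned long)error_info);
      }
      printf("\n");
  }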
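  /*
   * Prompts for a user name and deletes that local account with NetUserDel.
   *
   * The name is read with an explicit field width so it cannot overrun its
   * buffer; input longer than the buffer is rejected rather than truncated,
   * so a mistyped long name never deletes a different, shorter-named account.
   */
  void DeleteUser()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR login[21] = L"";   // user account names are limited to 20 characters

      printf("Enter user's name: ");
      if (_tscanf("%20S", login) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long user name.\n\n");
          return;
      }

      NetUserDel_t myNetUserDel = (NetUserDel_t)GetProcAddress(hmNetModule, "NetUserDel");
      if (myNetUserDel == NULL)
      {
          printf("NetUserDel could not be resolved.\n\n");
          return;
      }

      NET_API_STATUS ErrorStatus = myNetUserDel(NULL, login);
      if (ErrorStatus == NERR_Success)
      {
          printf("Successfully deleted a user.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ErrorStatus);
      }
      printf("\n");
  }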
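  /*
   * Prompts for a group name and a one-word comment and creates a local group
   * with NetLocalGroupAdd (information level 1).
   *
   * Both inputs are read with an explicit field width so they cannot overrun
   * their buffers; input longer than the buffer is rejected.
   */
  void CreateGroup()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR name[257] = L"";     // group names are limited to 256 characters
      WCHAR comment[65] = L"";

      printf("Enter group's name: ");
      if (_tscanf("%256S", name) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long group name.\n\n");
          return;
      }

      printf("Enter group's comment: ");
      if (_tscanf("%64S", comment) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long comment.\n\n");
          return;
      }

      NetLocalGroupAdd_t myNetLocalGroupAdd = (NetLocalGroupAdd_t)GetProcAddress(hmNetModule, "NetLocalGroupAdd");
      if (myNetLocalGroupAdd == NULL)
      {
          printf("NetLocalGroupAdd could not be resolved.\n\n");
          return;
      }

      // Level 1 of NetLocalGroupAdd takes a LOCALGROUP_INFO_1 (name + comment),
      // the local-group structure this file already uses for enumeration.
      LOCALGROUP_INFO_1 GroupInfo;
      GroupInfo.lgrpi1_name = name;
      GroupInfo.lgrpi1_comment = comment;

      DWORD ErrorInfo = 0;   // receives the index of the offending member on ERROR_INVALID_PARAMETER
      NET_API_STATUS ErrorStatus = myNetLocalGroupAdd(NULL, 1, (BYTE*)&GroupInfo, &ErrorInfo);
      if (ErrorStatus == NERR_Success)
          printf("Successfully created a group.\n");
      else
          printf("Something went wrong: %lx\n", (unsigned long)ErrorStatus);
      printf("\n");
  }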
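  /*
   * Prompts for a group name and deletes that local group with
   * NetLocalGroupDel.
   *
   * The name is read with an explicit field width so it cannot overrun its
   * buffer; input longer than the buffer is rejected rather than truncated,
   * so a mistyped long name never deletes a different group.
   */
  void DeleteGroup()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR name[257] = L"";   // group names are limited to 256 characters

      printf("Enter group's name: ");
      if (_tscanf("%256S", name) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long group name.\n\n");
          return;
      }

      NetLocalGroupDel_t myNetLocalGroupDel = (NetLocalGroupDel_t)GetProcAddress(hmNetModule, "NetLocalGroupDel");
      if (myNetLocalGroupDel == NULL)
      {
          printf("NetLocalGroupDel could not be resolved.\n\n");
          return;
      }

      NET_API_STATUS ErrorStatus = myNetLocalGroupDel(NULL, name);
      if (ErrorStatus == NERR_Success)
          printf("Successfully deleted a group.\n");
      else
          printf("Something went wrong: %lx\n", (unsigned long)ErrorStatus);
      printf("\n");
  }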
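  /*
   * Prompts for a user name and a privilege / account-right name and grants
   * that right to the user's SID with LsaAddAccountRights.
   *
   * The SID is taken from NetUserGetInfo level 23; the right is only added
   * when that lookup succeeded, so a failed lookup never reaches the LSA call
   * with an uninitialized pointer.
   */
  void AddUserPrivilege()
  {
      // Local prototype so NetApiBufferFree can be resolved from hmNetModule like
      // the other NetAPI entry points.
      typedef NET_API_STATUS (NET_API_FUNCTION *NetApiBufferFree_fn)(LPVOID);

      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR user[21] = L"";   // user account names are limited to 20 characters
      WCHAR priv[64] = L"";   // room for the longer Se* right names

      printf("Enter user's name: ");
      if (_tscanf("%20S", user) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long user name.\n\n");
          return;
      }
      printf("Enter new privilege: ");
      if (_tscanf("%63S", priv) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long privilege name.\n\n");
          return;
      }

      NetUserGetInfo_t myNetUserGetInfo = (NetUserGetInfo_t)GetProcAddress(hmNetModule, "NetUserGetInfo");
      LsaAddAccountRights_t myLsaAddAccountRights = (LsaAddAccountRights_t)GetProcAddress(hmAdvModule, "LsaAddAccountRights");
      NetApiBufferFree_fn myNetApiBufferFree = (NetApiBufferFree_fn)GetProcAddress(hmNetModule, "NetApiBufferFree");
      if (myNetUserGetInfo == NULL || myLsaAddAccountRights == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      LPUSER_INFO_23 InfoBuffer = NULL;
      NET_API_STATUS ErrorStatus = myNetUserGetInfo(NULL, user, 23, (BYTE**)&InfoBuffer);
      if (ErrorStatus != NERR_Success || InfoBuffer == NULL)
      {
          printf("Something went wrong: %lx\n\n", (unsigned long)ErrorStatus);
          if (InfoBuffer != NULL && myNetApiBufferFree != NULL)
              myNetApiBufferFree(InfoBuffer);
          return;
      }

      // LSA strings carry their length in bytes, without the terminator.
      LSA_UNICODE_STRING RightsList;
      RightsList.Buffer = priv;
      RightsList.Length = (USHORT)(wcslen(priv) * sizeof(WCHAR));
      RightsList.MaximumLength = (USHORT)(RightsList.Length + sizeof(WCHAR));
      ULONG RightsCounter = 1;

      NTSTATUS ntStatus = myLsaAddAccountRights(g_PolicyHandle, InfoBuffer->usri23_user_sid, &RightsList, RightsCounter);
      if (ntStatus == 0)
      {
          printf("Successfully added a new privilege.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ntStatus);
      }
      printf("\n");

      if (myNetApiBufferFree != NULL)
          myNetApiBufferFree(InfoBuffer);
  }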
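  /*
   * Prompts for a user name and a privilege / account-right name and removes
   * that single right from the user's SID with LsaRemoveAccountRights
   * (AllRights = FALSE).
   *
   * The SID is taken from NetUserGetInfo level 23; the right is only removed
   * when that lookup succeeded, so a failed lookup never reaches the LSA call
   * with an uninitialized pointer.
   */
  void DeleteUserPrivilege()
  {
      // Local prototype so NetApiBufferFree can be resolved from hmNetModule like
      // the other NetAPI entry points.
      typedef NET_API_STATUS (NET_API_FUNCTION *NetApiBufferFree_fn)(LPVOID);

      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      WCHAR user[21] = L"";   // user account names are limited to 20 characters
      WCHAR priv[64] = L"";   // room for the longer Se* right names

      printf("Enter user's name: ");
      if (_tscanf("%20S", user) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long user name.\n\n");
          return;
      }
      printf("Enter privilege to be deleted: ");
      if (_tscanf("%63S", priv) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long privilege name.\n\n");
          return;
      }

      NetUserGetInfo_t myNetUserGetInfo = (NetUserGetInfo_t)GetProcAddress(hmNetModule, "NetUserGetInfo");
      LsaRemoveAccountRights_t myLsaRemoveAccountRights = (LsaRemoveAccountRights_t)GetProcAddress(hmAdvModule, "LsaRemoveAccountRights");
      NetApiBufferFree_fn myNetApiBufferFree = (NetApiBufferFree_fn)GetProcAddress(hmNetModule, "NetApiBufferFree");
      if (myNetUserGetInfo == NULL || myLsaRemoveAccountRights == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      LPUSER_INFO_23 InfoBuffer = NULL;
      NET_API_STATUS ErrorStatus = myNetUserGetInfo(NULL, user, 23, (BYTE**)&InfoBuffer);
      if (ErrorStatus != NERR_Success || InfoBuffer == NULL)
      {
          printf("Something went wrong: %lx\n\n", (unsigned long)ErrorStatus);
          if (InfoBuffer != NULL && myNetApiBufferFree != NULL)
              myNetApiBufferFree(InfoBuffer);
          return;
      }

      // LSA strings carry their length in bytes, without the terminator.
      LSA_UNICODE_STRING RightsList;
      RightsList.Buffer = priv;
      RightsList.Length = (USHORT)(wcslen(priv) * sizeof(WCHAR));
      RightsList.MaximumLength = (USHORT)(RightsList.Length + sizeof(WCHAR));
      ULONG RightsCounter = 1;

      NTSTATUS ntStatus = myLsaRemoveAccountRights(g_PolicyHandle, InfoBuffer->usri23_user_sid, FALSE, &RightsList, RightsCounter);
      if (ntStatus == 0)
      {
          printf("Successfully deleted a privilege.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ntStatus);
      }
      printf("\n");

      if (myNetApiBufferFree != NULL)
          myNetApiBufferFree(InfoBuffer);
  }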
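  /*
   * Prompts for a group name and a privilege / account-right name and grants
   * that right to the group's SID with LsaAddAccountRights.
   *
   * The SID is resolved with the two-step LookupAccountNameA call (size query,
   * then the real lookup). The right is only added when the lookup succeeded
   * and the resolved account is a group, so a failed or mismatched lookup
   * never grants rights to an unintended principal.
   */
  void AddGroupPrivilege()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      CHAR group_name[257] = "";   // group names are limited to 256 characters
      WCHAR priv[64] = L"";        // room for the longer Se* right names

      printf("Enter group's name: ");
      if (scanf("%256s", group_name) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long group name.\n\n");
          return;
      }
      printf("Enter new privilege: ");
      if (_tscanf("%63S", priv) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long privilege name.\n\n");
          return;
      }

      LookupAccountNameA_t myLookupAccountNameA = (LookupAccountNameA_t)GetProcAddress(hmAdvModule, "LookupAccountNameA");
      LsaAddAccountRights_t myLsaAddAccountRights = (LsaAddAccountRights_t)GetProcAddress(hmAdvModule, "LsaAddAccountRights");
      if (myLookupAccountNameA == NULL || myLsaAddAccountRights == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      DWORD cbSid = 0;
      DWORD cchReferencedDomainName = 0;
      SID_NAME_USE peUse;

      // Size query: expected to fail while reporting the required buffer sizes.
      myLookupAccountNameA(NULL, group_name, NULL, &cbSid, NULL, &cchReferencedDomainName, &peUse);
      if (cbSid == 0)
      {
          printf("Group lookup failed: %lu\n\n", GetLastError());
          return;
      }

      PSID pSid = (PSID)malloc(cbSid);
      CHAR *ReferencedDomainName = (CHAR *)malloc(cchReferencedDomainName != 0 ? cchReferencedDomainName : 1);

      // assumes LookupAccountNameA_t returns BOOL like the documented API - confirm in libs.h
      if (pSid == NULL || ReferencedDomainName == NULL ||
          !myLookupAccountNameA(NULL, (LPCSTR)group_name, pSid, &cbSid, ReferencedDomainName, &cchReferencedDomainName, &peUse))
      {
          printf("Group lookup failed: %lu\n\n", GetLastError());
          free(pSid);
          free(ReferencedDomainName);
          return;
      }

      // LookupAccountName resolves any account type; refuse names that are not groups.
      if (peUse != SidTypeGroup && peUse != SidTypeAlias && peUse != SidTypeWellKnownGroup)
      {
          printf("The name does not refer to a group.\n\n");
          free(pSid);
          free(ReferencedDomainName);
          return;
      }

      // LSA strings carry their length in bytes, without the terminator.
      LSA_UNICODE_STRING RightsList;
      RightsList.Buffer = priv;
      RightsList.Length = (USHORT)(wcslen(priv) * sizeof(WCHAR));
      RightsList.MaximumLength = (USHORT)(RightsList.Length + sizeof(WCHAR));
      ULONG RightsCounter = 1;

      NTSTATUS ntStatus = myLsaAddAccountRights(g_PolicyHandle, pSid, &RightsList, RightsCounter);
      if (ntStatus == 0)
      {
          printf("Successfully added a new privilege.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ntStatus);
      }
      printf("\n");

      free(pSid);
      free(ReferencedDomainName);
  }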
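  /*
   * Prompts for a group name and a privilege / account-right name and removes
   * that single right from the group's SID with LsaRemoveAccountRights
   * (AllRights = FALSE).
   *
   * The SID is resolved with the two-step LookupAccountNameA call (size query,
   * then the real lookup). The right is only removed when the lookup succeeded
   * and the resolved account is a group.
   */
  void DeleteGroupPrivilege()
  {
      // True when the word just read ended at a blank or end of line. Otherwise
      // the input did not fit the buffer: the rest of the line is discarded so it
      // cannot spill into the next prompt, and false is returned.
      auto EndsCleanly = []() -> bool {
          int next = getchar();
          if (next == EOF)
              return true;
          if (next == '\n' || next == ' ' || next == '\t' || next == '\r')
          {
              ungetc(next, stdin);
              return true;
          }
          while (next != EOF && next != '\n')
              next = getchar();
          return false;
      };

      CHAR group_name[257] = "";   // group names are limited to 256 characters
      WCHAR priv[64] = L"";        // room for the longer Se* right names

      printf("Enter group's name: ");
      if (scanf("%256s", group_name) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long group name.\n\n");
          return;
      }
      // The original prompt said "new privilege" here, copied from the add path.
      printf("Enter privilege to be deleted: ");
      if (_tscanf("%63S", priv) != 1 || !EndsCleanly())
      {
          printf("Invalid or too long privilege name.\n\n");
          return;
      }

      LookupAccountNameA_t myLookupAccountNameA = (LookupAccountNameA_t)GetProcAddress(hmAdvModule, "LookupAccountNameA");
      LsaRemoveAccountRights_t myLsaRemoveAccountRights = (LsaRemoveAccountRights_t)GetProcAddress(hmAdvModule, "LsaRemoveAccountRights");
      if (myLookupAccountNameA == NULL || myLsaRemoveAccountRights == NULL)
      {
          printf("Required API functions could not be resolved.\n\n");
          return;
      }

      DWORD cbSid = 0;
      DWORD cchReferencedDomainName = 0;
      SID_NAME_USE peUse;

      // Size query: expected to fail while reporting the required buffer sizes.
      myLookupAccountNameA(NULL, group_name, NULL, &cbSid, NULL, &cchReferencedDomainName, &peUse);
      if (cbSid == 0)
      {
          printf("Group lookup failed: %lu\n\n", GetLastError());
          return;
      }

      PSID pSid = (PSID)malloc(cbSid);
      CHAR *ReferencedDomainName = (CHAR *)malloc(cchReferencedDomainName != 0 ? cchReferencedDomainName : 1);

      // assumes LookupAccountNameA_t returns BOOL like the documented API - confirm in libs.h
      if (pSid == NULL || ReferencedDomainName == NULL ||
          !myLookupAccountNameA(NULL, (LPCSTR)group_name, pSid, &cbSid, ReferencedDomainName, &cchReferencedDomainName, &peUse))
      {
          printf("Group lookup failed: %lu\n\n", GetLastError());
          free(pSid);
          free(ReferencedDomainName);
          return;
      }

      // LookupAccountName resolves any account type; refuse names that are not groups.
      if (peUse != SidTypeGroup && peUse != SidTypeAlias && peUse != SidTypeWellKnownGroup)
      {
          printf("The name does not refer to a group.\n\n");
          free(pSid);
          free(ReferencedDomainName);
          return;
      }

      // LSA strings carry their length in bytes, without the terminator.
      LSA_UNICODE_STRING RightsList;
      RightsList.Buffer = priv;
      RightsList.Length = (USHORT)(wcslen(priv) * sizeof(WCHAR));
      RightsList.MaximumLength = (USHORT)(RightsList.Length + sizeof(WCHAR));
      ULONG RightsCounter = 1;

      NTSTATUS ntStatus = myLsaRemoveAccountRights(g_PolicyHandle, pSid, FALSE, &RightsList, RightsCounter);
      if (ntStatus == 0)
      {
          printf("Successfully deleted a privilege.\n");
      }
      else
      {
          printf("Something went wrong: %lx\n", (unsigned long)ntStatus);
      }
      printf("\n");

      free(pSid);
      free(ReferencedDomainName);
  }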
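  /*
   * Entry point: loads Advapi32.dll and NetApi32.dll, opens the LSA policy
   * handle and runs the interactive command loop until standard input ends.
   *
   * Returns 0 after a normal shutdown, 1 when a required library cannot be
   * loaded. (ReceivePolicyHandle terminates the process itself on failure.)
   */
  int main(int argc, char *argv[])
  {
      // This tool runs elevated, so the libraries are loaded from System32 only:
      // a bare-name LoadLibrary follows the default search order, which includes
      // the application directory. LOAD_LIBRARY_SEARCH_SYSTEM32 needs Windows 8
      // or later, or an older system with update KB2533623.
      hmAdvModule = LoadLibraryExA("Advapi32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
      hmNetModule = LoadLibraryExA("NetApi32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
      if (hmAdvModule == NULL || hmNetModule == NULL)
      {
          printf("Failed to load required libraries: %lu\n", GetLastError());
          if (hmAdvModule != NULL)
              FreeLibrary(hmAdvModule);
          if (hmNetModule != NULL)
              FreeLibrary(hmNetModule);
          return 1;
      }

      int InputChoice = 0;
      g_PolicyHandle = ReceivePolicyHandle();
      setlocale(LC_ALL, "Russian");

      while (true)
      {
          PrintInterface();
          printf("Enter command:");

          if (!(std::cin >> InputChoice))
          {
              // End of input is the only way out of the menu; it reaches the
              // cleanup below.
              if (std::cin.eof())
                  break;
              // Non-numeric input leaves the stream in a failed state; without
              // clearing it every later read fails and the loop spins forever.
              std::cin.clear();
              std::cin.ignore(32767, '\n');
              printf("Wrong command, try again...\n");
              continue;
          }
          std::cin.ignore(32767, '\n');

          switch (InputChoice)
          {
          case 1:
              ShowUsersInfo();
              break;
          case 2:
              ShowLocalGroups();
              break;
          case 3:
              ShowGlobalGroups();
              break;
          case 4:
              CreateUser();
              break;
          case 5:
              DeleteUser();
              break;
          case 6:
              CreateGroup();
              break;
          case 7:
              DeleteGroup();
              break;
          case 8:
              AddUserPrivilege();
              break;
          case 9:
              DeleteUserPrivilege();
              break;
          case 10:
              AddGroupPrivilege();
              break;
          case 11:
              DeleteGroupPrivilege();
              break;
          default:
              // The empty "case 12" of the original fell through to this branch.
              printf("Wrong command, try again...\n");
              break;
          }
      }

      LsaClose(g_PolicyHandle);
      FreeLibrary(hmAdvModule);
      FreeLibrary(hmNetModule);
      return 0;
  }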