Metasploit mailing list archives

Re: Using AdjustTokenPrivileges via Meterpreter Railgun


From: "Spencer, Shelby C" <Shelby_C_Spencer () rl gov>
Date: Wed, 16 Jan 2013 04:48:14 -0800

Thank you both.

That is what I was missing.  I think I can figure the rest out.

From: jd.mubix () gmail com [mailto:jd.mubix () gmail com] On Behalf Of Rob Fuller
Sent: Tuesday, January 15, 2013 8:49 PM
To: devin bjelland
Cc: Spencer, Shelby C; framework () spool metasploit com
Subject: Re: [framework] Using AdjustTokenPrivileges via Meterpreter Railgun

Another thing is to just build it out based on the spec if you can. DWORD,DWORD,DWORD,DWORD == 4 + 4 + 4 + 4 right? So 
if you wanted to set each to 1 you could do this in Ruby:

1.9.3-p194 :008 > bob = "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01"
 => "\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001"

1.9.3-p194 :010 > bob.unpack("C*")
 => [0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1]

1.9.3-p194 :013 > bob.unpack("N*")
 => [1, 1, 1, 1]

Then write that into memory. (VirtualAlloc first, then writemem)



--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org

On Tue, Jan 15, 2013 at 10:03 PM, devin bjelland <devinbjelland () gmail com> wrote:
Try writing the structure in C++, compiling for the target architecture, and then looking at the structure in memory 
with a debugger.

On Tue, Jan 15, 2013 at 12:40 AM, Spencer, Shelby C <Shelby_C_Spencer () rl gov> wrote:
Thanks Mubix for your response.  I understand that I need to construct the Struct as a byte sequence, but I don't know 
what that should look like.  Is there a guide on this?  Does it follow some predefined standard (of which I am not 
aware)?

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
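
A worked version of the DWORD,DWORD,DWORD,DWORD approach from the thread, added here as an example; it is not code from the original posts or from the Metasploit project. It packs the TOKEN_PRIVILEGES structure that AdjustTokenPrivileges takes into the raw byte string Railgun needs, and unpacks it again so a hand-built buffer can be checked before it is written. It assumes the winnt.h layout reproduced in the comments, uses the fixed LUID 20 of SeDebugPrivilege as constructed sample input, and the Railgun calls in the trailing comment are a sketch written from memory, not run. One check the thread leaves implicit: x86 and x64 Windows are little-endian, so the 4 bytes "\x00\x00\x00\x01" are the DWORD 0x01000000 to the target, and the pack directive that yields 1 is "V", not "N".

```ruby
# Added example (not from the original thread or from Metasploit): pack and
# unpack the TOKEN_PRIVILEGES struct for AdjustTokenPrivileges as a byte string.
#
# Layout (winnt.h):
#   typedef struct _LUID { DWORD LowPart; LONG HighPart; } LUID;
#   typedef struct _LUID_AND_ATTRIBUTES { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#   typedef struct _TOKEN_PRIVILEGES {
#     DWORD               PrivilegeCount;
#     LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
#   } TOKEN_PRIVILEGES;
#
# One entry is four 32-bit fields, 4 + (4 + 4 + 4) = 16 bytes: the
# DWORD,DWORD,DWORD,DWORD of the thread. All fields are 4-byte aligned, so there
# is no padding, and every field is little-endian on x86/x64 Windows, which is
# why the pack directive is "V" (32-bit LE) rather than "N" (32-bit BE).

SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
SE_PRIVILEGE_ENABLED            = 0x00000002
SE_PRIVILEGE_REMOVED            = 0x00000004

# Size in bytes of a TOKEN_PRIVILEGES holding `count` entries.
def token_privileges_size(count)
  4 + 12 * count
end

# privs is an array of [luid_low, luid_high, attributes]; returns the packed struct.
def token_privileges(privs)
  raise ArgumentError, "need at least one privilege" if privs.empty?
  buf = [privs.length].pack("V")                 # PrivilegeCount
  privs.each do |low, high, attrs|
    buf << [low, high, attrs].pack("VlV")        # LowPart (DWORD), HighPart (signed LONG), Attributes (DWORD)
  end
  buf
end

# Inverse of token_privileges: decode a packed struct into [[low, high, attrs], ...].
# Run a hand-built buffer through this before writing it into the target.
def parse_token_privileges(buf)
  raise ArgumentError, "buffer shorter than PrivilegeCount" if buf.bytesize < 4
  count = buf.unpack("V")[0]
  need  = token_privileges_size(count)
  raise ArgumentError, "buffer truncated: #{count} entries need #{need} bytes" if buf.bytesize < need
  Array.new(count) { |i| buf.byteslice(4 + 12 * i, 12).unpack("VlV") }
end

# The 8 bytes LookupPrivilegeValue writes to its lpLuid out-parameter are the
# LUID in the same byte order, so they split into [low, high] the same way.
def luid_from_bytes(luid_bytes)
  raise ArgumentError, "a LUID is 8 bytes" unless luid_bytes.bytesize == 8
  luid_bytes.unpack("Vl")
end

# Sketch of the Meterpreter side (not run here; the Railgun call shapes are from
# memory and should be checked against the Railgun definitions in Metasploit):
#   luid = client.railgun.advapi32.LookupPrivilegeValueA(nil, "SeDebugPrivilege", 8)["lpLuid"]
#   tp   = token_privileges([luid_from_bytes(luid) + [SE_PRIVILEGE_ENABLED]])
#   # If Railgun types NewState as an "in" PBLOB, tp can be passed directly and
#   # Railgun copies it into the target. If the parameter is a bare pointer,
#   # VirtualAlloc tp.bytesize bytes, memwrite tp into them, as the thread
#   # suggests, and pass that address instead.
#   client.railgun.advapi32.AdjustTokenPrivileges(htoken, false, tp, tp.bytesize, 16, 4)

if $PROGRAM_NAME == __FILE__
  # Constructed input: SeDebugPrivilege has the fixed LUID 20 (winnt.h SE_DEBUG_PRIVILEGE).
  tp = token_privileges([[20, 0, SE_PRIVILEGE_ENABLED]])
  puts tp.unpack("C*").inspect
  puts parse_token_privileges(tp).inspect
  # The all-ones buffer from the thread, read the way the target reads it:
  puts "\x00\x00\x00\x01".unpack("V")[0].to_s(16)
end
```

The parse function is the debugger-free counterpart of devin's suggestion: if the decoded PrivilegeCount or Attributes is not what you meant, the endianness or field order is wrong before any memory is written.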