Using ntdll's privilege-enabling function
A short note on RtlAdjustPrivilege
RtlAdjustPrivilege is an undocumented routine exported by ntdll.dll; it appears in no public SDK header, so you either declare it yourself or resolve it with GetProcAddress. It is a thin wrapper around NtAdjustPrivilegesToken that enables or disables ONE privilege the token already holds. Despite the "privilege escalation" label it is often given, it cannot add a privilege to a token: for a privilege that is not present in the token it fails with STATUS_PRIVILEGE_NOT_HELD (0xC0000061).
NTSTATUS RtlAdjustPrivilege ( ULONG Privilege, BOOLEAN Enable, BOOLEAN CurrentThread, PBOOLEAN Enabled )
Parameter meanings:
Privilege [In] The index (LUID low part) of the privilege to change, e.g. 0x14 for SeDebugPrivilege. The numeric values are the SE_*_PRIVILEGE constants listed below; MSDN's Process Token & Privilege documentation describes the same privileges by name.
Enable [In] TRUE enables the privilege, FALSE disables it.
CurrentThread [In] TRUE adjusts the calling thread's impersonation token (this fails with STATUS_NO_TOKEN if the thread is not impersonating); FALSE adjusts the process's primary token.
Enabled [Out] Receives the privilege's previous state: TRUE if it was already enabled, FALSE if it was disabled.
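As an added example (not code from the original page), the following calls RtlAdjustPrivilege from an elevated PowerShell session through a hand-written C# P/Invoke declaration and checks the effect with whoami /priv. The NtPriv class, the Set-TokenPrivilege wrapper and the choice of SeBackupPrivilege (index 0x11, which the listing further down shows as present but Disabled in an elevated token) are mine; the signature and the status codes are the ones described above.

```powershell
# Added example, not from the original page: enable/disable a token privilege
# with ntdll!RtlAdjustPrivilege via P/Invoke. RtlAdjustPrivilege is not in any
# SDK header, so the declaration below is written by hand from its signature.

if (-not ('NtPriv' -as [type])) {
    Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public static class NtPriv
{
    // LUID low parts (SE_*_PRIVILEGE in winnt.h): the values the
    // Privilege parameter expects.
    public const uint SE_TCB_PRIVILEGE    = 7;   // SeTcbPrivilege
    public const uint SE_BACKUP_PRIVILEGE = 17;  // SeBackupPrivilege (0x11)
    public const uint SE_DEBUG_PRIVILEGE  = 20;  // SeDebugPrivilege  (0x14)

    public const uint STATUS_SUCCESS            = 0x00000000;
    // Returned when the privilege is not in the token at all: RtlAdjustPrivilege
    // can only flip privileges the token already holds, never add one.
    public const uint STATUS_PRIVILEGE_NOT_HELD = 0xC0000061;

    // BOOLEAN is a single byte, so marshal as U1 instead of the default 4-byte BOOL.
    [DllImport("ntdll.dll")]
    public static extern uint RtlAdjustPrivilege(
        uint Privilege,
        [MarshalAs(UnmanagedType.U1)] bool Enable,
        [MarshalAs(UnmanagedType.U1)] bool CurrentThread,
        [MarshalAs(UnmanagedType.U1)] out bool Enabled);
}
'@
}

function Set-TokenPrivilege {
    # Enables or disables one privilege on the current process token (or on the
    # calling thread's impersonation token with -CurrentThread, which requires
    # the thread to be impersonating) and reports the privilege's prior state.
    param(
        [Parameter(Mandatory)][uint32]$Privilege,
        [bool]$Enable = $true,
        [switch]$CurrentThread
    )
    $wasEnabled = $false
    $status = [NtPriv]::RtlAdjustPrivilege($Privilege, $Enable, $CurrentThread.IsPresent, [ref]$wasEnabled)

    if ($status -eq [NtPriv]::STATUS_PRIVILEGE_NOT_HELD) {
        $msg = 'Privilege 0x{0:X} is not in the token (STATUS_PRIVILEGE_NOT_HELD); ' -f $Privilege
        throw ($msg + 'RtlAdjustPrivilege cannot add privileges, only enable ones already granted.')
    }
    if ($status -ne [NtPriv]::STATUS_SUCCESS) {
        throw ('RtlAdjustPrivilege failed with NTSTATUS 0x{0:X8}' -f $status)
    }
    [pscustomobject]@{
        Privilege  = '0x{0:X}' -f $Privilege
        WasEnabled = $wasEnabled
        NowEnabled = $Enable
    }
}

# Before: SeBackupPrivilege is present but Disabled in an elevated token.
whoami /priv | Select-String 'SeBackupPrivilege'

Set-TokenPrivilege -Privilege ([NtPriv]::SE_BACKUP_PRIVILEGE) -Enable $true      # WasEnabled = False
whoami /priv | Select-String 'SeBackupPrivilege'                                  # now shows Enabled

# A second call reports the previous state through the Enabled out-parameter.
Set-TokenPrivilege -Privilege ([NtPriv]::SE_BACKUP_PRIVILEGE) -Enable $true      # WasEnabled = True

# Restore the original state when done.
Set-TokenPrivilege -Privilege ([NtPriv]::SE_BACKUP_PRIVILEGE) -Enable $false

# In a non-elevated (medium integrity) shell the token does not hold
# SeBackupPrivilege at all, so the same call throws STATUS_PRIVILEGE_NOT_HELD.
```

whoami.exe runs as a child process whose primary token is duplicated from the shell's, so its listing reflects the state just set in the shell. Run the same script from a non-elevated PowerShell to see the STATUS_PRIVILEGE_NOT_HELD path: the filtered token simply does not contain SeBackupPrivilege, and no call to RtlAdjustPrivilege will put it there.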
Privilege index (LUID low part) and description for each privilege. These are the SE_*_PRIVILEGE values from winnt.h and are what the Privilege parameter expects:
 1. SeCreateTokenPrivilege                    0x02  Create a token object
 2. SeAssignPrimaryTokenPrivilege             0x03  Replace a process level token
 3. SeLockMemoryPrivilege                     0x04  Lock pages in memory
 4. SeIncreaseQuotaPrivilege                  0x05  Adjust memory quotas for a process
 5. SeUnsolicitedInputPrivilege               0x00  Read unsolicited input from a terminal device (obsolete; no LUID is assigned, so it cannot be adjusted)
 6. SeMachineAccountPrivilege                 0x06  Add workstations to domain
 7. SeTcbPrivilege                            0x07  Act as part of the operating system
 8. SeSecurityPrivilege                       0x08  Manage auditing and security log
 9. SeTakeOwnershipPrivilege                  0x09  Take ownership of files or other objects
10. SeLoadDriverPrivilege                     0x0a  Load and unload device drivers
11. SeSystemProfilePrivilege                  0x0b  Profile system performance
12. SeSystemtimePrivilege                     0x0c  Change the system time
13. SeProfileSingleProcessPrivilege           0x0d  Profile single process
14. SeIncreaseBasePriorityPrivilege           0x0e  Increase scheduling priority
15. SeCreatePagefilePrivilege                 0x0f  Create a pagefile
16. SeCreatePermanentPrivilege                0x10  Create permanent shared objects
17. SeBackupPrivilege                         0x11  Back up files and directories
18. SeRestorePrivilege                        0x12  Restore files and directories
19. SeShutdownPrivilege                       0x13  Shut down the system
20. SeDebugPrivilege                          0x14  Debug programs
21. SeAuditPrivilege                          0x15  Generate security audits
22. SeSystemEnvironmentPrivilege              0x16  Modify firmware environment values
23. SeChangeNotifyPrivilege                   0x17  Bypass traverse checking
24. SeRemoteShutdownPrivilege                 0x18  Force shutdown from a remote system
25. SeUndockPrivilege                         0x19  Remove computer from docking station
26. SeSyncAgentPrivilege                      0x1a  Synchronize directory service data
27. SeEnableDelegationPrivilege               0x1b  Enable computer and user accounts to be trusted for delegation
28. SeManageVolumePrivilege                   0x1c  Perform volume maintenance tasks
29. SeImpersonatePrivilege                    0x1d  Impersonate a client after authentication
30. SeCreateGlobalPrivilege                   0x1e  Create global objects
31. SeTrustedCredManAccessPrivilege           0x1f  Access Credential Manager as a trusted caller
32. SeRelabelPrivilege                        0x20  Modify an object label
33. SeIncreaseWorkingSetPrivilege             0x21  Increase a process working set
34. SeTimeZonePrivilege                       0x22  Change the time zone
35. SeCreateSymbolicLinkPrivilege             0x23  Create symbolic links
36. SeDelegateSessionUserImpersonatePrivilege 0x24  Obtain an impersonation token for another user in the same session
The following privilege listing was captured from a PowerShell session opened as administrator (the whoami /priv table format). "Disabled" means the privilege is present in the token but not enabled, which is exactly the state RtlAdjustPrivilege can flip; a privilege that does not appear in the list at all is not held by the token and cannot be enabled by it.

Privilege Name                            Description                                                        State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege                  Adjust memory quotas for a process                                 Disabled
SeSecurityPrivilege                       Manage auditing and security log                                   Disabled
SeTakeOwnershipPrivilege                  Take ownership of files or other objects                           Disabled
SeLoadDriverPrivilege                     Load and unload device drivers                                     Disabled
SeSystemProfilePrivilege                  Profile system performance                                         Disabled
SeSystemtimePrivilege                     Change the system time                                             Disabled
SeProfileSingleProcessPrivilege           Profile single process                                             Disabled
SeIncreaseBasePriorityPrivilege           Increase scheduling priority                                       Disabled
SeCreatePagefilePrivilege                 Create a pagefile                                                  Disabled
SeBackupPrivilege                         Back up files and directories                                      Disabled
SeRestorePrivilege                        Restore files and directories                                      Disabled
SeShutdownPrivilege                       Shut down the system                                               Disabled
SeDebugPrivilege                          Debug programs                                                     Enabled
SeSystemEnvironmentPrivilege              Modify firmware environment values                                 Disabled
SeChangeNotifyPrivilege                   Bypass traverse checking                                           Enabled
SeRemoteShutdownPrivilege                 Force shutdown from a remote system                                Disabled
SeUndockPrivilege                         Remove computer from docking station                               Disabled
SeManageVolumePrivilege                   Perform volume maintenance tasks                                   Disabled
SeImpersonatePrivilege                    Impersonate a client after authentication                          Enabled
SeCreateGlobalPrivilege                   Create global objects                                              Enabled
SeIncreaseWorkingSetPrivilege             Increase a process working set                                     Disabled
SeTimeZonePrivilege                       Change the time zone                                               Disabled
SeCreateSymbolicLinkPrivilege             Create symbolic links                                              Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled