|
2 | 2 | // |
3 | 3 |
|
4 | 4 | #include <iostream> |
| 5 | + |
| 6 | +#include <format> |
| 7 | + |
| 8 | + |
| 9 | + |
| 10 | +#pragma comment(lib, "Ws2_32.lib") |
| 11 | +#include <WinSock2.h> |
| 12 | +#include <WS2tcpip.h> |
| 13 | + |
5 | 14 | #include <Windows.h> |
| 15 | + |
6 | 16 | #include <securitybaseapi.h> |
7 | 17 | #include <sddl.h> |
8 | | -#include <format> |
9 | | -int main() |
| 18 | +#include "NTSecAPI.h" |
| 19 | + |
| 20 | +#define S_LISTEN_PORT "3389" |
| 21 | + |
| 22 | +void main() { |
| 23 | + std::cout << "connect test start\n"; |
| 24 | + WSADATA wsaData; |
| 25 | + int wsaResult; |
| 26 | + |
| 27 | + // success is zero, has custom errorcoddes |
| 28 | + if (wsaResult = WSAStartup(MAKEWORD(2, 2), &wsaData)) { |
| 29 | + std::cout << std::format("error in WSAStartup, dec {}\n", wsaResult); |
| 30 | + exit(-1); |
| 31 | + } |
| 32 | + |
| 33 | + std::cout << "wsastartup done\n"; |
| 34 | + struct addrinfo hints = {}; |
| 35 | + hints.ai_family = AF_INET; |
| 36 | + hints.ai_socktype = SOCK_STREAM; |
| 37 | + hints.ai_protocol = IPPROTO_TCP; |
| 38 | + hints.ai_flags = AI_PASSIVE; |
| 39 | + |
| 40 | + |
| 41 | + |
| 42 | + struct addrinfo* result = nullptr; |
| 43 | + std::string localhostIp("127.0.0.1"); |
| 44 | + if ((wsaResult = getaddrinfo(localhostIp.c_str(), S_LISTEN_PORT, &hints, &result)) == SOCKET_ERROR || !result) { |
| 45 | + std::cout << std::format("could not resolve host, gle {:x}, errcode {:x}\n", WSAGetLastError(), wsaResult); |
| 46 | + exit(-1); |
| 47 | + } |
| 48 | + std::cout << "got gai result\n"; |
| 49 | + |
| 50 | + SOCKET sock = socket(result->ai_family, result->ai_socktype, result->ai_protocol); |
| 51 | + if (sock == INVALID_SOCKET) { |
| 52 | + std::cout << "Socket create err\n"; |
| 53 | + exit(-1); |
| 54 | + } |
| 55 | + |
| 56 | + std::cout << "got socket \n"; |
| 57 | + if ((wsaResult = connect(sock, result->ai_addr, result->ai_addrlen)) == SOCKET_ERROR) { |
| 58 | + std::cout << std::format("Connection error WGLE={:x}\n", WSAGetLastError()); |
| 59 | + exit(-1); |
| 60 | + } |
| 61 | + |
| 62 | + std::cout << "Connected\n"; |
| 63 | +} |
| 64 | + |
| 65 | +void read_print_flag() { |
| 66 | + |
| 67 | + HANDLE hFile = CreateFile(L"\\\\?\\PhysicalDrive2", GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr); |
| 68 | + |
| 69 | + if (hFile == 0 || hFile == INVALID_HANDLE_VALUE) { |
| 70 | + std::cout << std::format("Could not open file, GLE {:x}", GetLastError()); |
| 71 | + } |
| 72 | + char buf[512] = {}; |
| 73 | + DWORD bytesRead; |
| 74 | + ReadFile(hFile, buf, sizeof(buf), &bytesRead, nullptr); |
| 75 | + |
| 76 | + std::cout << buf; |
| 77 | +} |
| 78 | + |
| 79 | +int main_try_logon() { |
| 80 | + HANDLE hToken; |
| 81 | + if (!LogonUser(L"Administrator", L".", L"password", SECURITY_LOGON_TYPE::Interactive, LOGON32_PROVIDER_DEFAULT, &hToken)) { |
| 82 | + std::cerr << std::format("Could not logon user, GLE {:x}", GetLastError()); |
| 83 | + exit(-1); |
| 84 | + } |
| 85 | + |
| 86 | + HANDLE hImpToken; |
| 87 | + if (!DuplicateToken(hToken, SECURITY_IMPERSONATION_LEVEL::SecurityImpersonation, &hImpToken)) { |
| 88 | + std::cerr << std::format("Could not duplicate token, GLE {:x}", GetLastError()); |
| 89 | + exit(-1); |
| 90 | + } |
| 91 | + |
| 92 | + if (!SetThreadToken(NULL, hImpToken)) { |
| 93 | + std::cerr << std::format("Could not set thread token, GLE {:x}", GetLastError()); |
| 94 | + exit(-1); |
| 95 | + } |
| 96 | + |
| 97 | + read_print_flag(); |
| 98 | + |
| 99 | +} |
| 100 | + |
| 101 | +int main_echo() { |
| 102 | + |
| 103 | + std::cout << "Hello, this is an echo program!\n"; |
| 104 | + |
| 105 | + while (true) { |
| 106 | + char buf[512]; |
| 107 | + std::cin.get(buf,512,'\n'); |
| 108 | + |
| 109 | + |
| 110 | + if (std::cin.eof()) { |
| 111 | + std::cerr << "Detected EOF, quitting\n"; |
| 112 | + exit(0); |
| 113 | + } |
| 114 | + /* |
| 115 | + if (!std::cin) { |
| 116 | + std::cerr << "Have error, quitting\n"; |
| 117 | + exit(0); |
| 118 | + }*/ |
| 119 | + |
| 120 | + if (std::cin.gcount() == 4 && !memcmp(buf, "QUIT", 4)) { |
| 121 | + exit(0); |
| 122 | + } |
| 123 | + |
| 124 | + for (int i = 0; i < std::cin.gcount(); i++) { |
| 125 | + buf[i]++; |
| 126 | + } |
| 127 | + std::cout.write(buf, std::cin.gcount()); |
| 128 | + } |
| 129 | + |
| 130 | + |
| 131 | +} |
| 132 | + |
| 133 | +int main_read_test() |
10 | 134 | { |
11 | 135 | std::cout << "Fumble my token NOW\n"; |
12 | 136 | getchar(); |
@@ -43,16 +167,6 @@ int main() |
43 | 167 | */ |
44 | 168 |
|
45 | 169 |
|
46 | | - HANDLE hFile = CreateFile(L"\\\\?\\PhysicalDrive1", GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr); |
47 | | - |
48 | | - if (hFile == 0 || hFile == INVALID_HANDLE_VALUE) { |
49 | | - std::cout << std::format("Could not open file, GLE {:x}", GetLastError()); |
50 | | - } |
51 | | - char buf[512] = {}; |
52 | | - DWORD bytesRead; |
53 | | - ReadFile(hFile, buf, sizeof(buf), &bytesRead, nullptr); |
54 | | - |
55 | | - std::cout << buf; |
56 | 170 |
|
57 | 171 | } |
58 | 172 |
|
|
0 commit comments