After a successful call to both LogonUser and ImpersonateLoggedOnUser it doesn't appear that my process is running as the new user...

system("whoami");

prints out: Chris-PC\Chris

when it should be: Chris-PC\LimitedGuy

Is there a function I'm not calling or something?

My code:

#include <windows.h>
#include <userenv.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib, "Advapi32.lib")
#pragma comment(lib, "Userenv.lib")

// argv is wide (%ws), so the entry point is wmain
int wmain(int argc, wchar_t *argv[])
{
  HANDLE logonToken = NULL;
  PROFILEINFOW plinfo = { 0 };

  if(argc == 6) // impersonate: argv[3] = domain, argv[4] = user, argv[5] = password
  {
    printf("[~] Logging in as %ws\\%ws..\n", argv[3], argv[4]);
    if(!LogonUserW(argv[4], argv[3], argv[5], LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &logonToken))
    {
      printf("[!] Failed to login as %ws. Error Code: %lX\n", argv[4], GetLastError());
      return 1;
    }

    if(!ImpersonateLoggedOnUser(logonToken))
    {
      printf("[!] ImpersonateLoggedOnUser failed with error code: %lX\n", GetLastError());
      return 1;
    }

    plinfo.dwSize = sizeof(plinfo);   // LoadUserProfile requires dwSize and lpUserName to be set
    plinfo.lpUserName = argv[4];
    LoadUserProfileW(logonToken, &plinfo);
    system("whoami");                 // the child inherits the process token, so this still prints the original user
    printf("[~] Login successful!\n");
  }
  return 0;
}
+2  A: 

When you use the system call, a new process is created to execute the command, but in Windows the new process is always created with the token of the parent process, not the thread (unless you specifically use one of the CreateProcessAsUser, CreateProcessWithLogonW, etc. calls). So in your case 'whoami' is executed in the context of the original user, not the one impersonating. To check the name of the user being impersonated, call GetUserName.

Stephen Martin
When I use CreateProcessAsUser to launch cmd.exe it still fails when I type "whoami". Is there any way to force the launched process to take on the security attributes I want?
Chris T
I just tried a quick test using CreateProcessWithLogonW and it worked as expected: whoami gave the user name of the account the process was launched under, not that of the original user. It may have something to do with environment blocks or something along those lines, though it seems unlikely. Maybe you could post your CreateProcessAsUser code.
Stephen Martin