Christopher Tarquini

Reputation: 11342

ImpersonateLoggedOnUser doesn't appear to work

After a successful call to both LogonUser and ImpersonateLoggedOnUser it doesn't appear that my process is running as the new user...

system("whoami");

prints out: Chris-PC\Chris

when it should be: Chris-PC\LimitedGuy

Is there a function I'm not calling or something?

My code:

if(argc == 6) // impersonate
{
    printf("[~] Logging in as %ws\\\\%ws..\n", argv[3], argv[4]);

    // Log the target user on and obtain a token for the new logon session
    if(!LogonUser(argv[4], argv[3], argv[5], LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &logonToken))
    {
        printf("[!] Failed to login as %ws. Error Code: %lX\n", argv[4], GetLastError());
        return 1;
    }

    // Attach the token to the calling thread
    if(!ImpersonateLoggedOnUser(logonToken))
    {
        printf("[!] ImpersonateLoggedOnUser failed with error code: %lX\n", GetLastError());
        CloseHandle(logonToken);
        return 1;
    }

    LoadUserProfile(logonToken, &plinfo);
    system("whoami");
    printf("[~] Login successful!\n");
}

Upvotes: 1

Views: 3426

Answers (1)

Stephen Martin

Reputation: 9645

When you use the system call, a new process is created to execute the command, but in Windows the new process is always created with the token from the parent process, not the thread (unless you specifically use one of the CreateProcessAsUser, CreateProcessWithLogonW, etc. calls). So in your case, 'whoami' is executed in the context of the original user, not the one impersonating. To check the name of the user being impersonated, call GetUserName.

Upvotes: 4
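The behaviour described in the answer, as an added C example that is not code from the original thread: GetUserNameW follows the thread's impersonation token, a child started with system() gets the process token, and CreateProcessWithLogonW starts a child under the other account. The helper names and the `<domain> <user> <password>` argument order are assumptions of this example, and CreateProcessWithLogonW relies on the Secondary Logon service being available.

```c
#ifdef _WIN32  /* Win32-only example; other compilers skip the file */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#pragma comment(lib, "advapi32.lib")  /* MSVC; with other toolchains link advapi32 */

/* 1 if the calling thread carries its own (impersonation) token, else 0. */
int thread_is_impersonating(void) {
    HANDLE tok;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok))
        return 0;  /* no thread token: the process token applies */
    CloseHandle(tok);
    return 1;
}

/* User name for the calling thread; follows impersonation. 1 on success. */
int thread_user(wchar_t *buf, DWORD cch) {
    return GetUserNameW(buf, &cch) ? 1 : 0;
}

/* Start cmdline under another account. Returns 0 or the GetLastError() code. */
DWORD run_with_logon(const wchar_t *user, const wchar_t *domain,
                     const wchar_t *pass, const wchar_t *cmdline) {
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi;
    wchar_t cmd[512];  /* lpCommandLine must be a writable buffer */
    size_t n = wcslen(cmdline);
    if (n >= 512) return ERROR_INVALID_PARAMETER;
    wmemcpy(cmd, cmdline, n + 1);
    if (!CreateProcessWithLogonW(user, domain, pass, LOGON_WITH_PROFILE,
                                 NULL, cmd, 0, NULL, NULL, &si, &pi))
        return GetLastError();
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return 0;
}

/* demo.exe <domain> <user> <password>  (argument order chosen for this example) */
int wmain(int argc, wchar_t **argv) {
    HANDLE tok; wchar_t name[257];  /* UNLEN (256) + 1 */
    if (argc != 4) return 2;
    if (!LogonUserW(argv[2], argv[1], argv[3], LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &tok)) return 1;
    if (!ImpersonateLoggedOnUser(tok)) { CloseHandle(tok); return 1; }
    if (thread_is_impersonating() && thread_user(name, 257))
        wprintf(L"thread: %ls\n", name);  /* the impersonated user */
    system("whoami");  /* child gets the process token: the original user */
    RevertToSelf(); CloseHandle(tok);
    return (int)run_with_logon(argv[2], argv[1], argv[3], L"cmd.exe /k whoami");
}
#endif
```

CreateProcessWithLogonW opens a new console for the child by default, which is why the last call uses `cmd.exe /k` to keep the window with the `whoami` output open. Build as a Unicode console program (MSVC accepts `wmain` directly; MinGW needs `-municode`).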
