Impersonation on a remote machine

Time: 2015-04-30 17:22:17

Tags: c# c#-4.0 wmi remote-access impersonation

I want to impersonate a user while connected to a remote computer. I am able to connect to the remote machine and even start a process. But after that, when I check the active console session, it returns the active session of my local machine, not that of the remote computer (which I am already connected to). Here is my code:

    using System;
    using System.Management;
    using System.Runtime.InteropServices;
    using System.Security.Principal;

    // The P/Invoke declarations (WTSGetActiveConsoleSessionId, WTSQueryUserToken,
    // CreateProcessAsUser, CloseHandle), the STARTUPINFO / PROCESS_INFORMATION /
    // SECURITY_ATTRIBUTES structs, the NORMAL_PRIORITY_CLASS / CREATE_NEW_CONSOLE
    // constants and the impersonationEnabled field are declared elsewhere in the class.
    public void impersonateSystem()
    {
        IntPtr hUserToken = IntPtr.Zero;

        // DCOM/WMI connection to the remote machine, authenticating as its administrator.
        ConnectionOptions conn = new ConnectionOptions();
        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.EnablePrivileges = true;
        string remote = "window-PC";
        conn.Username = "administrator";
        conn.Password = "pass";
        ManagementScope manScope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", remote), conn);
        manScope.Connect();

        // Win32_Process.Create runs on the remote machine, but in the WMI provider's
        // non-interactive session, not on the remote user's desktop.
        ObjectGetOptions objectGetOptions = new ObjectGetOptions();
        ManagementPath managementPath = new ManagementPath("Win32_Process");
        ManagementClass processClass = new ManagementClass(manScope, managementPath, objectGetOptions);
        ManagementBaseObject inParams = processClass.GetMethodParameters("Create");
        inParams["CommandLine"] = "cmd.exe  'C:\\v.exe'";
        ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null);
        Console.WriteLine("Creation of the process returned: " + outParams["returnValue"]);
        Console.WriteLine("Process ID: " + outParams["processId"]);

        PROCESS_INFORMATION pi1 = new PROCESS_INFORMATION();
        var si1 = new STARTUPINFO();
        var sa1 = new SECURITY_ATTRIBUTES();
        si1.cb = Marshal.SizeOf(si1);      // was Marshal.SizeOf(si): 'si' is not declared in this method
        sa1.nLength = Marshal.SizeOf(sa1); // SECURITY_ATTRIBUTES.nLength must be set before use
        si1.lpDesktop = "winsta0\\default";
        uint dwCreationFlags1 = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
        IntPtr pEnv1 = IntPtr.Zero;

        // Both calls below are plain local Win32 APIs: they are evaluated on this machine,
        // regardless of the WMI connection to 'remote' above.
        uint dwSessionId = WTSGetActiveConsoleSessionId();
        if (!WTSQueryUserToken(dwSessionId, ref hUserToken))
        {
            Console.WriteLine("WTSQueryUserToken failed: " + Marshal.GetLastWin32Error());
            return;
        }

        bool bResult = false;
        WindowsIdentity who1 = new WindowsIdentity(hUserToken);
        // Keep the impersonation context so it is undone when the block ends.
        using (WindowsImpersonationContext ctx = who1.Impersonate())
        {
            bResult = CreateProcessAsUser(hUserToken, "C:\\pr.exe", null, ref sa1, ref sa1, false,
                                          (int)dwCreationFlags1, pEnv1, null, ref si1, out pi1);
            if (!bResult)
                Console.WriteLine("CreateProcessAsUser failed: " + Marshal.GetLastWin32Error());
            Console.WriteLine(WindowsIdentity.GetCurrent().Name);
        }

        if (bResult)
        {
            CloseHandle(pi1.hProcess);
            CloseHandle(pi1.hThread);
        }
        CloseHandle(hUserToken);
        impersonationEnabled = true;
    }

Why is WTSGetActiveConsoleSessionId() returning the local active console session rather than the remote active console session?

0 answers:

No answers