This repository was archived by the owner on Jan 21, 2021. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +2
-1
lines changed Expand file tree Collapse file tree 1 file changed +2
-1
lines changed Original file line number Diff line number Diff line change @@ -1685,7 +1685,8 @@ Blog on this script: http://clymb3r.wordpress.com/2013/11/03/powershell-and-toke
16851685 # First GetSystem. The script cannot enumerate all tokens unless it is system for some reason. Luckily it can impersonate a system token.
16861686 # Even if already running as system, later parts on the script depend on having a SYSTEM token with most privileges.
16871687 # We need to enumrate all processes running as SYSTEM and find one that we can use.
1688- $SystemTokens = Get-Process - IncludeUserName | Where {$_.Username -eq " NT AUTHORITY\SYSTEM"
1688+ [string ]$LocalSystemNTAccount = (New-Object - TypeName ' System.Security.Principal.SecurityIdentifier' - ArgumentList ([Security.Principal.WellKnownSidType ]::' LocalSystemSid' , $null )).Translate([Security.Principal.NTAccount ]).Value
1689+ $SystemTokens = Get-Process - IncludeUserName | Where {$_.Username -eq $LocalSystemNTAccount }
16891690 ForEach ($SystemToken in $SystemTokens )
16901691 {
16911692 $SystemTokenInfo = Get-PrimaryToken - ProcessId $SystemToken.Id - WarningAction SilentlyContinue - ErrorAction SilentlyContinue
You can’t perform that action at this time.
0 commit comments