Revoking "Impersonate" revokes "Tcb" instead

Open jsdhasfedssad opened this issue 2 years ago • 4 comments

Hi,

I am testing your tool and have stumbled onto what I think is an error. When I try to revoke "Impersonate/SeImpersonatePrivilege" your tool revokes "Tcb/SeTcbPrivilege" instead. I am executing this using an elevated CMD on a DC.

jsdhasfedssad avatar Dec 16 '22 09:12 jsdhasfedssad

Thanks for reporting! I will handle it as soon as possible.

daem0nc0re avatar Dec 16 '22 09:12 daem0nc0re

I tested on a Domain Controller (Windows Server 2019) but failed to replicate your situation :( As far as I can see, there seems to be nothing suspicious in my code. So I don't seem to be able to do much more than this, but if you have any additional information, please let me know.

daem0nc0re avatar Dec 16 '22 13:12 daem0nc0re

Strange... Why does it fail for me then?

I tested again using a different account and this time I tried to revoke "IncreaseWorkingSet" instead. Your tool attempts to yet again revoke "Tcb" instead but this time that fails. My DC is also running 2019.

Is there a debug or verbose flag I can use?

jsdhasfedssad avatar Dec 16 '22 14:12 jsdhasfedssad

This tool converts your input with the following function. So you can test it by inserting Console.WriteLine(right); before the if statement and Console.WriteLine(userRight.ToString()); before return true;. But this simply compares the input string, and I have no idea why the conversion fails in your environment.

https://github.com/daem0nc0re/PrivFu/blob/cd2d0fb396ac2371ce05ad024eddf29d9177305d/UserRightsUtil/UserRightsUtil/Handler/Execute.cs#L61

daem0nc0re avatar Dec 17 '22 00:12 daem0nc0re