CyberCode Academy

Course 25 - API Python Hacking | Episode 5: Managing and Verifying Process Privileges

In this lesson, you’ll learn about:

  • Fundamentals of Windows Access Tokens
    • A process's access token carries its privileges, such as SeShutdownPrivilege (shut down the system) or SeDebugPrivilege (open and read any process's memory)
    • The privilege list in a token is fixed when the token is created: AdjustTokenPrivileges can enable, disable or remove privileges already present, but cannot add new ones
    • Difference between standard user tokens (few rights, e.g., SeChangeNotifyPrivilege) and elevated administrator tokens (powerful rights, e.g., SeDebugPrivilege)
  • Programmatic Access to Tokens
    • Using Python’s ctypes to interface with kernel32.dll and advapi32.dll
    • Obtaining a process handle with OpenProcess (or GetCurrentProcess for the current process)
    • Accessing the process token via OpenProcessToken with TOKEN_ALL_ACCESS; note that TOKEN_QUERY is enough to check privileges and TOKEN_ADJUST_PRIVILEGES to change them, so a hardened script requests only those
    • SeDebugPrivilege and similar rights exist only in an elevated administrator token, so the script must run elevated; in a non-elevated process there is nothing to enable
  • Verifying Privilege Status
    • Defining C-compatible structures in Python: LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET
    • Using LookupPrivilegeValue to convert a privilege name (e.g., SeDebugPrivilege) to a Locally Unique Identifier (LUID)
    • Checking whether a privilege is currently enabled with the PrivilegeCheck API, which takes the token handle and a PRIVILEGE_SET holding the LUID
  • Key Outcome
    • Understanding how to inspect, enable, or disable privileges for a process
    • Lays the groundwork for advanced topics like token impersonation and privilege removal
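The walkthrough above, as a complete added example (not the course's own code): it defines the LUID, LUID_AND_ATTRIBUTES and PRIVILEGE_SET structures, opens the current process's token, resolves a privilege name with LookupPrivilegeValueW, checks it with PrivilegeCheck and then enables it with AdjustTokenPrivileges. Function names, the cached DLL loader and the choice of TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES instead of TOKEN_ALL_ACCESS are mine; constant values are from winnt.h and winerror.h. The Win32 calls only run on Windows, and SeDebugPrivilege is only present when the script runs from an elevated prompt.

```python
"""Inspect and enable a privilege on the current process's token with ctypes.

Added example for this episode summary (not the course's own code). Structure
definitions are plain ctypes and load on any OS; the Win32 calls run only on
Windows, and SeDebugPrivilege is present only in an elevated admin token."""
import ctypes
import sys

# Fixed-width aliases for the Win32 types (wintypes.DWORD is c_ulong, which is
# 8 bytes on 64-bit Linux, so the sizes are pinned explicitly here).
DWORD, LONG, BOOL, HANDLE = ctypes.c_uint32, ctypes.c_int32, ctypes.c_int, ctypes.c_void_p

# Constants from winnt.h / winerror.h
TOKEN_QUERY = 0x0008
TOKEN_ADJUST_PRIVILEGES = 0x0020
SE_PRIVILEGE_ENABLED = 0x00000002
PRIVILEGE_SET_ALL_NECESSARY = 1
ERROR_NOT_ALL_ASSIGNED = 1300


class LUID(ctypes.Structure):
    _fields_ = [("LowPart", DWORD), ("HighPart", LONG)]


class LUID_AND_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Luid", LUID), ("Attributes", DWORD)]


class PRIVILEGE_SET(ctypes.Structure):
    # A one-element array is enough to check a single privilege.
    _fields_ = [("PrivilegeCount", DWORD), ("Control", DWORD),
                ("Privilege", LUID_AND_ATTRIBUTES * 1)]


class TOKEN_PRIVILEGES(ctypes.Structure):
    _fields_ = [("PrivilegeCount", DWORD), ("Privileges", LUID_AND_ATTRIBUTES * 1)]


def struct_sizes():
    """Sizes the kernel expects: LUID 8, LUID_AND_ATTRIBUTES 12, PRIVILEGE_SET 20."""
    return {s.__name__: ctypes.sizeof(s)
            for s in (LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET, TOKEN_PRIVILEGES)}


def build_privilege_set(low, high=0, attributes=0):
    """Build the PRIVILEGE_SET that PrivilegeCheck reads (pure Python, no Win32)."""
    ps = PRIVILEGE_SET(PrivilegeCount=1, Control=PRIVILEGE_SET_ALL_NECESSARY)
    ps.Privilege[0].Luid = LUID(low, high)
    ps.Privilege[0].Attributes = attributes
    return ps


_dlls = {}


def _win32():
    """Load kernel32/advapi32 once with explicit prototypes (64-bit safe handles)."""
    if sys.platform != "win32":
        raise OSError("token APIs are only available on Windows")
    if not _dlls:
        k32 = ctypes.WinDLL("kernel32", use_last_error=True)
        adv = ctypes.WinDLL("advapi32", use_last_error=True)
        k32.GetCurrentProcess.restype = HANDLE
        adv.OpenProcessToken.argtypes = [HANDLE, DWORD, ctypes.POINTER(HANDLE)]
        adv.LookupPrivilegeValueW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.POINTER(LUID)]
        adv.PrivilegeCheck.argtypes = [HANDLE, ctypes.POINTER(PRIVILEGE_SET), ctypes.POINTER(BOOL)]
        adv.AdjustTokenPrivileges.argtypes = [HANDLE, BOOL, ctypes.POINTER(TOKEN_PRIVILEGES),
                                              DWORD, ctypes.c_void_p, ctypes.c_void_p]
        for fn in (adv.OpenProcessToken, adv.LookupPrivilegeValueW,
                   adv.PrivilegeCheck, adv.AdjustTokenPrivileges):
            fn.restype = BOOL
        _dlls.update(k32=k32, adv=adv)
    return _dlls["k32"], _dlls["adv"]


def open_current_token(access=TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES):
    """Open our own token with only the rights we need (not TOKEN_ALL_ACCESS)."""
    k32, adv = _win32()
    token = HANDLE()
    if not adv.OpenProcessToken(k32.GetCurrentProcess(), access, ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    return token


def lookup_luid(name):
    """Map a privilege name such as 'SeDebugPrivilege' to its LUID on this machine."""
    _, adv = _win32()
    luid = LUID()
    if not adv.LookupPrivilegeValueW(None, name, ctypes.byref(luid)):
        raise ctypes.WinError(ctypes.get_last_error())
    return luid


def privilege_enabled(token, name):
    """True if the privilege is present AND currently enabled in the token."""
    _, adv = _win32()
    luid = lookup_luid(name)
    ps = build_privilege_set(luid.LowPart, luid.HighPart)
    result = BOOL()
    if not adv.PrivilegeCheck(token, ctypes.byref(ps), ctypes.byref(result)):
        raise ctypes.WinError(ctypes.get_last_error())
    return bool(result.value)


def enable_privilege(token, name):
    """Enable a privilege the token already holds; a token cannot gain new ones."""
    _, adv = _win32()
    tp = TOKEN_PRIVILEGES(PrivilegeCount=1)
    tp.Privileges[0].Luid = lookup_luid(name)
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
    if not adv.AdjustTokenPrivileges(token, False, ctypes.byref(tp), 0, None, None):
        raise ctypes.WinError(ctypes.get_last_error())
    # The call returns TRUE even when the privilege is absent; the last error tells.
    return ctypes.get_last_error() != ERROR_NOT_ALL_ASSIGNED


if __name__ == "__main__":
    tok = open_current_token()
    for name in ("SeChangeNotifyPrivilege", "SeDebugPrivilege"):
        before = privilege_enabled(tok, name)
        held = enable_privilege(tok, name)
        print(f"{name}: enabled before={before}, held={held}, enabled after={privilege_enabled(tok, name)}")
```

Run it once from a normal prompt and once from an elevated one: SeChangeNotifyPrivilege is held and enabled in both, while SeDebugPrivilege reports held=False from the standard token and only flips to enabled after AdjustTokenPrivileges in the elevated one. The ERROR_NOT_ALL_ASSIGNED check matters because AdjustTokenPrivileges returns success even when it could not grant anything.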


You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy