ProcessClientThread creates a named pipe handle hPipe but never closes it, resulting in a handle leak.
if (success)
{
responseMsg = $"[*] Impersonating token {capturedSession.Value.TokenHandle} for LUID {capturedSession.Value.Luid} to {pipeName}";
// 0x80000000 | 0x40000000 -> GENERIC_READ | GENERIC_WRITE
// 3 -> OPEN_EXISTING
Thread.Sleep(1000);
IntPtr hPipe = Interop.CreateFile($"{pipeName}", 0x80000000 | 0x40000000, 0, 0, 3, 0, 0);
if (hPipe.ToInt64() == -1)
{
var ex = new Win32Exception(Marshal.GetLastWin32Error());
Console.WriteLine($" [X] Error conecting to {pipeName} : {ex.Message} ({ex.ErrorCode})");
}
else
{
// write a single byte out so we can fulfil the ReadFile() requirement on the other side of the pipe
byte[] bytes = new byte[1];
uint written = 0;
Interop.WriteFile(hPipe, bytes, (uint)bytes.Length, out written, IntPtr.Zero);
Thread.Sleep(500);
+ CloseHandle(hPipe); <<< need to close this handle before the variable goes out of scope
}
Interop.RevertToSelf();

Line 289 in 0283d9f:
Thread.Sleep(500);
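
Review bot: the added CloseHandle(hPipe) call in the else branch is unqualified, while every other native call in this snippet goes through Interop (Interop.CreateFile, Interop.WriteFile, Interop.RevertToSelf), so unless a CloseHandle binding is in scope there it will not resolve; it should probably read Interop.CloseHandle(hPipe), assuming that wrapper is declared. Wrapping the WriteFile and Sleep in a try with the close in finally would also release the handle if anything between CreateFile and the close throws. The return value of Interop.WriteFile is ignored, so a failed write on the pipe is not reported the way the CreateFile failure is.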