
Runas System



Posted (edited)

I tried to run an app under LSA
using impersonate user, Runas Func and much more,
but nothing helped.
Finally I found how to go ahead.

Here's the script for anyone having the same problem.

As per the License
Q: How many copies of Sysinternals utilities may I freely load or use on computers owned by my company?
A: There is no limit to the number of times you may install and use the software on your devices or those you support.
Installation and use will not cause any violation of the License

 

#NoTrayIcon
#include-once
Opt("MustDeclareVars", 1)


_Runas_SYSTEM('notepad.exe', '-heya')

; $sRunProgramAsSystem : the program to run under the Local System Account (LSA)
; $sParams : the parameters to pass to that program
; $sSession : the session to run in; for a GUI program use the current session (usually 1); if empty, the console session is used
; $sPriority : -low, -belownormal, -abovenormal, -high, -background or -realtime
Func _Runas_SYSTEM($sRunProgramAsSystem, $sParams = '', $sSession = 1, $sPriority = '-abovenormal'); Your Program Goes here.

	Local $sPath = @ScriptDir & '\PsExec.exe'
	If Not FileExists($sPath) Then
		MsgBox(16, 'Error', 'Please download the PsExec.exe from the upcoming site')
		ShellExecute('http://technet.microsoft.com/en-us/sysinternals/bb897553')
		Return SetError(1, 0, -1)
	EndIf

	If $sParams Then $sParams = ' ' & $sParams
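	; PsExec switches: -s = run as SYSTEM, -i = interact with the given session, -h = elevated token, -d = do not wait for the process to exit
	Local $aResult = ShellExecuteWait($sPath, '-i ' & $sSession & ' ' & $sPriority & ' -d -s -h "' & $sRunProgramAsSystem & '"' & $sParams, @SystemDir, 'open', @SW_HIDE)
	If @error Then ConsoleWrite('! > Error Occurred  Error Code: ' & @error & @CRLF)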
	Return $aResult

EndFunc   ;==>_Runas_SYSTEM

Regards
Phoenix XL

Edited by PhoenixXL
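
A defender's view of the command line this script builds, as an added example that is not part of the original post: it parses process-creation command lines for the PsExec switches used above and reports the launches that requested the SYSTEM account. The event records, host names, paths and field names are constructed, and only the switches the script emits are interpreted.

```python
import shlex

# Switches the forum script emits; nothing else is interpreted.
PRIORITY = {"-low", "-belownormal", "-abovenormal", "-high", "-background", "-realtime"}
BOOL_FLAGS = {"-s": "system", "-h": "elevated", "-d": "detached"}

def parse_psexec(cmdline):
    """Describe a PsExec invocation, or return None for any other process."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keeps backslashes and quotes
    except ValueError:  # unbalanced quote in the logged command line
        tokens = cmdline.split()
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in ("psexec.exe", "psexec64.exe"):
        return None
    info = {"system": False, "elevated": False, "detached": False, "interactive": False,
            "session": None, "priority": None, "target": None, "target_args": []}
    i = 1
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in BOOL_FLAGS:
            info[BOOL_FLAGS[tok]] = True
        elif tok in PRIORITY:
            info["priority"] = tok[1:]
        elif tok == "-i":
            info["interactive"] = True
            # Session id is optional; per the script's comments the console session is used without it.
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():
                info["session"] = int(tokens[i + 1])
                i += 1
        elif not tok.startswith("-"):  # first non-switch token is the program
            info["target"] = tokens[i].strip('"')
            info["target_args"] = tokens[i + 1:]
            break
        i += 1
    return info

def system_launches(events):
    """Return (host, target, session) for each PsExec launch that requested -s."""
    parsed = [(ev["Host"], parse_psexec(ev["CommandLine"])) for ev in events]
    return [(h, p["target"], p["session"]) for h, p in parsed if p and p["system"]]

# Constructed process-creation records; hosts, paths and field names are assumptions.
SAMPLE_EVENTS = [
    {"Host": "WS01", "CommandLine": r'C:\Scripts\PsExec.exe -i 1 -abovenormal -d -s -h "notepad.exe" -heya'},
    {"Host": "SRV02", "CommandLine": r'C:\Scripts\PsExec.exe -i  -abovenormal -d -s -h "notepad.exe"'},
    {"Host": "WS03", "CommandLine": r'"C:\Program Files\Tools\PsExec.exe" -d "calc.exe"'},
    {"Host": "WS04", "CommandLine": r"C:\Windows\System32\notepad.exe -s"},
]
```

Matching on the image name does not catch a renamed copy of PsExec.exe.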




Posted

Nice. There is also a by user wraithdu that does not need any 3rd party executable to run things under LSA "Local System Account".


Posted

There is also a by user wraithdu that does not need any 3rd party executable to run things under LSA "Local System Account".

I have tried that, but as I said I didn't have any luck,

therefore I made this script.


Posted

It is difficult to run apps interactively from the system account since nt6.x was introduced (session separation). In nt5.x it was far easier. NtCreateThreadEx works fine here on my Windows 7 SP1 x64 in combination with WinExec, but is surely a dirty method. Something like CreateProcessAsUser and DuplicateTokenEx would probably be a much cleaner approach, but last time I tried this I failed. Anyway (and regardless of what API you use), at best you can run cmdline apps interactively across sessions on nt6.x, meaning any GUI is blocked/not visible across sessions. Switching sessions will of course let you interact with GUIs. Administrator privileges are of course necessary in order to run as the system account, unless you found a way to invalidate the Windows security model.


Posted

Yup, I agree with you, joakim.

On my computer it worked, therefore I shared it :P


Posted

What do I do if I receive this message?

!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!


Posted

Ignore that message, or just comment out that line from the script.

PSEXEC.exe isn't a relocatable module, therefore the message is popped.


Posted (edited)

Hi Phoenix,

I am using W2k3 Enterprise and notepad is being executed as an admin but not system.

Rgds

deltar

[EDIT]

It is working as per the documentation.

Edited by deltar


Posted (edited)

@deltarocked,

Is the name of your LSA, System or other programs start with the username SYSTEM?

Edited by PhoenixXL


Posted (edited)

Hi Phoenix,

My apologies. It's working as per the documentation. The only change which I have done is to remove '&$sSession&'

Regards

DeltaR

Edited by deltar


Posted

What a laughably stupid fucking script. You imply too much credit to yourself silly.

For one, you don't give any credit to Mark Russinovich, who created that executable you're executing in memory using Trancexxs code.

But my point is, WHY?!? Why for fucking gods sake are you executing it from memory using that code you stupid fucking numb-nut dumbass? Holy shit and I hope you know it is against their user license agreement to distribute their software in any of the worthless crap you fabricate using other peoples shit.

Read their fucking user license agreement you stupid little bitch, before you get into trouble. You half ass script kiddie.

http://technet.microsoft.com/en-us/sysinternals/bb847944


Posted (edited)

charming fellow. I wonder what bug bit his bum...

Edited by scullion


Posted

Probably some tool that got banned and decided to do a little unrest.


Posted (edited)

Hi Phoenix,

I had tried once converting psexec into the runbinary module but had failed, but this one has helped me immensely and I will be utilising it in one of my projects. It is being used to launch another AutoIt script as "System".

Thanks once again and regards

DeltaR

Edited by deltar


Posted (edited)

LOL

Anyways, if you wish to use it then use it, or else don't use it.

@DoomsDayDanny,

BTW I didn't take any credit for the executable. If you know the name of the author why not make a novel for it <_<

Edited by PhoenixXL


Posted

LOL

Anyways, if you wish to use it then use it, or else don't use it.

@DoomsDayDanny,

BTW I didn't take any credit for the executable. If you know the name of the author why not make a novel for it <_<

You are still distributing the program, even though the license clearly says you can't.


Posted

Illegal distribution is illegal.

PhoenixXL be smart. I expect the first thing you'll do when you'd be around is to deal with this.


Posted

Modified the script, which now only installs and executes the executable,

not violating the license

Explained in the first post


Posted (edited)

You are violating the license, see this quote from the link provided above.

Q: May I distribute Sysinternals utilities in my software, on my website, or with my magazine?

A: No. We are not offering any distribution licenses, even if the 3rd party is distributing them for free. We encourage people to download the utilities from our download center where they can be assured to get the most recent version of the utility.

Because you embedded it in your script, you are violating the part in green above.

Edited by BrewManNH


Posted

yup maybe

again updated

Now it checks for PsExec in the script dir; if not present, it notifies the user to download it from the website.

Now it doesn't seem to be a UDF :mellow:


Posted

Hope now it doesn't violate the license.


Posted

Now it doesn't seem to be a UDF :mellow:

Well, it is just a cmdline wrapper around psexec?


Posted

Just make a notification box that asks to download the full version of their tools from their website, and use the zlib plugin to get just the exe, then execute it in memory.

This way, technically, the user is still knowingly choosing to download the tool from the official website. (no breaking ToS)


Posted

Hello,

where can I download this UDF with or without the psexec included?

Thanks in advance


Posted

Hello,

where can I download this UDF with or without the psexec included?

Thanks in advance

The whole thing is in the first post, it's not a download, it's posted in the code box.
