AntiVirusGuy

Help: two problems, admin launcher and RunAsSet

2 posts in this topic

I have two problems:

1. I cannot get IE or my "other" drag and drop to work with the runas commands.

2. I cannot get this script to work with the local admin account, only the domain account (yes, it is on the machine and active, and works from a right-click Run As).

;region Script Settings
;<settings><scriptpackager><process>autoit3.exe</process>
;<arguments></arguments>
;<extractdir>%TEMP%</extractdir>
;<outputdir>S:\6_Security\programs\0506b\admin launcher</outputdir>
;<files></files>
;<usedefaulticon>True</usedefaulticon>
;<icon></icon>
;<showinsystray>True</showinsystray>
;<tooltip></tooltip>
;<altcreds>False</altcreds>
;<efs>True</efs>
;<ntfs>True</ntfs>
;<local>False</local>
;<username></username>
;<domain></domain>
;<abortonfail>True</abortonfail>
;<product></product>
;<internalname></internalname>
;<version>1.0.0.1</version>
;<versionstring></versionstring>
;<description></description>
;<comments></comments>
;<company></company>
;</scriptpackager>
;</settings>
;
;endregion

#include <GUIConstants.au3>

;Generated with Form Designer preview
AutoItSetOption ( "RunErrorsFatal", 0)
AutoItSetOption ( "TrayIconHide", 1)

; Main window: accepts dropped files and stays on top
$Form1 = GUICreate("CSC Admin Launcher......or not", 576, 135, 192, 125, -1, BitOR($WS_EX_ACCEPTFILES,$WS_EX_TOPMOST));$WS_EX_TOOLWINDOW
$domain = GUICtrlCreateCombo("Colbys", 296, 20, 89, 21)
GUICtrlSetData(-1,"local","Colbys")
$program = GUICtrlCreateCombo("Explorer", 416, 20, 145, 21)
GUICtrlSetData(-1,"Command|Control Panel|Internet Explorer|Other","Explorer")
GUICtrlCreateLabel("User", 8, 0, 43, 20)
GUICtrlCreateLabel("password", 160, 0, 48, 20)
GUICtrlCreateLabel("Domain", 296, 0, 43, 20)
GUICtrlCreateLabel("Program", 416, 0, 43, 20)
$username = GUICtrlCreateInput("", 8, 20, 121, 21, -1, $WS_EX_CLIENTEDGE)
$password = GUICtrlCreateInput("", 160, 20, 113, 21, $ES_PASSWORD,$WS_EX_CLIENTEDGE)
; Free-form path for the "Other" choice; files can be dropped onto it
$oprogram = GUICtrlCreateInput("", 8, 56, 553, 21, -1, $WS_EX_CLIENTEDGE)
GUICtrlSetState(-1,$GUI_ACCEPTFILES)
$launch = GUICtrlCreateButton("Launch", 416, 88, 145, 25)
GUISetState()

While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $msg = $launch
            ; Read the credentials and the selected domain from the form
            $rusername = GUICtrlRead($username)
            $rpassword = GUICtrlRead($password)
            $rrdomain = GUICtrlRead($domain)
            If $rrdomain = "colbys" Then
                $rdomain = "colbys"
                ; As posted, this check sits inside the "colbys" branch
                If $rrdomain = "local" Then $rdomain = @ComputerName
            EndIf
            $rprogram = GUICtrlRead($program)
            $roprogram = GUICtrlRead($oprogram)
            ; Subsequent Run() calls use these credentials until RunAsSet() is called with no arguments
            RunAsSet($rusername, $rdomain, $rpassword)
            If $rprogram = "command" Then
                Run("cmd.exe",@SystemDir)
                ;Run(@ComSpec & " /c " & 'cmd', "")
                If @Error = "1" Then
                    MsgBox(64,"error","Try again")
                EndIf
            ElseIf $rprogram = "explorer" Then
                Run("explorer.exe", @WindowsDir)
                If @Error = "1" Then
                    MsgBox(64,"error","Try again")
                EndIf
            ElseIf $rprogram = "Control Panel" Then
                ;Run(@SystemDir & "Rundll32.exe Shell32.dll,Control_RUNDLL Desk.cpl")
                Run("control.exe",@SystemDir)
                If @Error = "1" Then
                    MsgBox(64,"error","Try again")
                EndIf
                ;Run("control.exe desk.cpl")
                ;Run(@ComSpec & " /c start desk.cpl")
            ElseIf $rprogram = "other" Then
                ;MsgBox(64,@SystemDir,@WindowsDir)
                Run ($roprogram)
                If @Error = "1" Then
                    MsgBox(64,"error","Try again")
                EndIf
            ElseIf $rprogram = "Internet Explorer" Then
                Run("iexplore.exe","C:\Program Files\Internet Explorer")
                If @Error = "1" Then
                    MsgBox(64,"error","Try again")
                EndIf
            EndIf
            ; Reset to the logged-on user's credentials
            RunAsSet()
    EndSelect
WEnd

GUIDelete()
Exit


#2 ·  Posted (edited)

For your security problem with the domain and local administrator rights!

Try starting your script from the AT command in a shell; the AutoIt process will then be granted SYSTEM rights and bypass any restriction on the domain. This is a real security problem with Windows systems.

Any user who has access to this command, "AT" (the command-prompt interface to the Task Scheduler), can bypass security! Try running AT present_time /INTERACTIVE regedit.exe and go to HKLM\security; you will find something you have never seen before: all user accounts and passwords as NT or NTLM hashes.

By the way, if you are an admin on your domain, I suggest you disable the use of this command with Organizational Units and Group Policies.

And for the other problem you mention! I'm a little confused, hehe! And I'm not sure I understand your problem correctly. I'm French! hehe B)

Take care!

Edited by Greenseed

Greenseed
MCSE+I, CCNA, A+
Canada, Quebec
Make Love Around You.
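
A defender-side check for the `AT ... /INTERACTIVE` usage described in the reply above, as an added example that is not part of the original thread: it scans process-creation records and reports AT jobs scheduled with the interactive switch. The record layout (user, command line), the user names and the sample command lines are constructed assumptions.

```python
import re

# Constructed process-creation records (user, command line); layout is an assumption.
SAMPLE_EVENTS = [
    (r"COLBYS\jdoe", r"at 14:05 /INTERACTIVE regedit.exe"),
    (r"COLBYS\svc_backup", r"C:\WINDOWS\system32\at.exe \\FS01 02:00 /every:M,T,W cmd /c backup.cmd"),
    (r"COLBYS\jdoe", r"at 3 /delete"),
    (r"COLBYS\asmith", r'cmd.exe /c "AT.EXE 9:30pm /interactive cmd.exe"'),
    (r"COLBYS\asmith", r"notepad.exe C:\notes\at.txt"),
]

# "at" or "at.exe": bare, path-qualified, or inside a quoted cmd /c string.
AT_RE = re.compile(r'(?:^|[\s"\\])at(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
TIME_RE = re.compile(r"^\d{1,2}:\d{2}(am|pm|a|p)?$", re.I)

def parse_at_job(cmdline):
    """Return a dict for a command line that schedules an AT job, else None."""
    m = AT_RE.search(cmdline)
    if not m:
        return None
    tokens = m.group("args").strip().strip('"').split()
    target = None
    if tokens and tokens[0].startswith("\\\\"):   # optional \\computername
        target = tokens.pop(0)[2:]
    if not tokens or not TIME_RE.match(tokens[0]):
        return None                               # listing or deleting jobs
    when = tokens.pop(0)
    interactive = False
    while tokens and tokens[0].startswith("/"):   # /interactive, /every:, /next:
        if tokens.pop(0).lower() == "/interactive":
            interactive = True
    if not tokens:
        return None                               # no command to run
    return {"target": target, "time": when,
            "interactive": interactive, "command": " ".join(tokens)}

def find_interactive_at_jobs(events):
    """Return (user, time, command) for every AT job scheduled with /interactive."""
    hits = []
    for user, cmdline in events:
        job = parse_at_job(cmdline)
        if job and job["interactive"]:
            hits.append((user, job["time"], job["command"]))
    return hits

if __name__ == "__main__":
    for hit in find_interactive_at_jobs(SAMPLE_EVENTS):
        print("interactive AT job:", *hit)
```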
