txomin Posted September 8, 2006

The quickest way I know to have the DOS prompt running under Windows as a SYSTEM process. Useful when you want to kill a process that normally doesn't stop. Every application you launch with this will be run with SYSTEM credentials.

    If IsAdmin() Then
        ; Create a temporary interactive service whose binary is cmd
        Run(@ComSpec & " /c " & "sc create testsvc binpath= ""cmd /K start"" type= own type= interact", "", @SW_HIDE)
        ; Start it, give the prompt a second to appear, then remove the service
        Run(@ComSpec & " /c " & "sc start testsvc", "", @SW_HIDE)
        Sleep(1000)
        Run(@ComSpec & " /c " & "sc delete testsvc", "", @SW_HIDE)
    Else
        MsgBox(16,"Error","You do not have administrator priviledges on the local machine.")
    EndIf

RazerM Posted September 9, 2006

This works really well. What about UDF syntax?

    ;===============================================================================
    ;
    ; Function Name:    _CmdSystem
    ; Description::     Starts cmd with SYSTEM credentials
    ; Parameter(s):     None
    ; Requirement(s):   None
    ; Return Value(s):  1 - Success, 0 and @error = 1 - Failure
    ; Author(s):        txomin
    ;
    ;===============================================================================
    ;
    Func _CmdSystem()
        If IsAdmin() Then
            Run(@ComSpec & " /c " & "sc create testsvc binpath= ""cmd /K start"" type= own type= interact", "", @SW_HIDE)
            Run(@ComSpec & " /c " & "sc start testsvc", "", @SW_HIDE)
            Sleep(1000)
            Run(@ComSpec & " /c " & "sc delete testsvc", "", @SW_HIDE)
            Return 1
        Else
            Return SetError(1, 0, 0)
        EndIf
    EndFunc   ;==>_CmdSystem

edit: mistake with seterror

Edited September 9, 2006 by RazerM

txomin (Author) Posted September 9, 2006

> This works really well. What about UDF syntax?

Very good idea RazerM, I like it. You could also easily write a UDF called _RunAsSystemProcess. The script follows, even if incomplete - sorry, not enough time today ;-)

    ;===============================================================================
    ;
    ; Function Name:    _RunAsSystemProcess
    ; Description::     Launches a process with SYSTEM credentials
    ; Parameter(s):     command to execute
    ; Requirement(s):   To be system administrator
    ; Return Value(s):  1 - Success, 0 and @error = 1 - Failure
    ; Author(s):        txomin
    ;
    ;===============================================================================
    ;
    Func _RunAsSystemProcess(ByRef $CommandToEx)
        Local $SysPID
        If IsAdmin() Then
            Run(@ComSpec & " /c " & "sc create testsvc binpath= ""cmd /K start"" type= own type= interact", "", @SW_HIDE)
            $SysPID = Run(@ComSpec & " /c " & "sc start testsvc", "", @SW_HIDE)
            Sleep(1000)
            Run(@ComSpec & " /c " & "sc delete testsvc", "", @SW_HIDE)
            WinActivate( ;... the parameters to activate
            WinwaitActive( ;... the ms-dos prompt using his PID
            Send($CommandToEx & "{ENTER}")
            Send("exit{ENTER}")
            Return 1
        Else
            Return SetError(1, 0, 0)
        EndIf
    EndFunc   ;==>_RunAsSystemProcess

Edited September 9, 2006 by txomin

jftuga Posted September 9, 2006

Great ideas! I really like this.

-John

therks Posted September 10, 2006

* Edit: My edited function did not work as intended, ignore this post.

> Very good idea RazerM, I like it. You could also easily write a UDF called _RunAsSystemProcess. The script follows, even if incomplete - sorry, not enough time today ;-)

Doesn't that code seem a bit silly to you? Think about it. You create a service to run the cmd prompt so that it can run another command? Why not just create a service with the command you want to run, like such:

... removed ...

(Also, why did you use ByRef?)

Edited September 16, 2006 by Saunders

SmOke_N (Moderators) Posted September 10, 2006

I'm still not getting the relevance for this... I like the idea of how easily it opens the process as a service, but it only opens it for a short while, is this primarily for debugging?

txomin (Author) Posted September 12, 2006

> Doesn't that code seem a bit silly to you? Think about it. You create a service to run the cmd prompt so that it can run another command? Why not just create a service with the command you want to run, like such:

> I'm still not getting the relevance for this... I like the idea of how easily it opens the process as a service, but it only opens it for a short while, is this primarily for debugging?

@SmOke_N
You should complete and use the UDF in Post#3

@Saunders
Sorry, as SmOke_N says, it doesn't last so long with your UDF

therks Posted September 16, 2006

> @Saunders
> Sorry, as SmOke_N says, it doesn't last so long with your UDF

Ah, I did not realize it closed the process after a short amount of time. I tested it with a few different programs, but didn't leave them open for long. My apologies.

WSCPorts Posted September 20, 2006

Technically u are all wrong... lol sc uses the LocalService Acct and not the system... if it comes up with the system, then that means there is a distinct vulnerability just waiting to be exploited on 2k3 and xp and 2k systems.. privilege escalation is just one that comes to mind. This vulnerability is described in pseudo code as such:

    runAsSystem()
        EnableDebugPrivs()
        OpenProcessToken()
        DuplicateToken()
        use the duplicated token to do some nasty stuff ;)

Even running as the LocalService Acct, which is higher privilege than the administrator but lower than SYSTEM, one can do some pretty nasty stuff.

txomin (Author) Posted September 28, 2006

> Technically u are all wrong...

1. Probably we are all wrong about 1000 different ideas BUT this code is working so I don't get your point.
2. It is not a Windows vulnerability, actually it is a Microsoft documented feature you can find on MSDN.

jaenster Posted January 31, 2007

Note on this: please check the OS, under 2000 this doesn't work.

-jaenster

daslick Posted February 2, 2007

    Run("cmd.exe /c sc create testsvc binpath= " & '"' & $file & '"' & " type= own type= interact", "", $howdoirun)

Just make a func that uses $file as the file you want to run, and how to run (@SW_NORM / @SW_HIDE / etc) as $howdoirun, and the above line will work well....

Keep in mind if $file = cmd or a cmd dependent program you may need to use cmd /k start

EXCELLENT WORK! I love this!

jaenster Posted February 2, 2007

    ; Schedule an interactive cmd.exe for the next minute
    ; (@MIN + 1 yields 60 when the current minute is 59)
    Run(@ComSpec & " /c at " & @HOUR & ":" & @MIN + 1 & " /interactive cmd.exe")

-jaenster
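
A defender's view of the thread, as an added example that is not part of any post: the Python sketch below parses logged process command lines and flags the two patterns shown above, `sc create` with `type= interact` or a command shell as `binpath`, and `at ... /interactive`. The function names and the sample log lines (including the `BackupAgent` service) are constructed for illustration.

```python
import re

# sc.exe options are written `name= value`; the value may be double-quoted.
SC_OPTION = re.compile(r'(\w+)=\s*(?:"([^"]*)"|(\S+))')
SC_CREATE = re.compile(r'\bsc(?:\.exe)?\s+create\s+(\S+)(.*)', re.I)
AT_INTERACTIVE = re.compile(r'\bat(?:\.exe)?\s+\d{1,2}:\d{1,2}\b.*?/interactive\b', re.I)
SHELLS = {"cmd", "cmd.exe"}  # the only shell the thread uses

def parse_sc_create(cmdline):
    """Return (service_name, {option: [values]}) or None if not `sc create`."""
    m = SC_CREATE.search(cmdline)
    if not m:
        return None
    opts = {}
    for key, quoted, bare in SC_OPTION.findall(m.group(2)):
        opts.setdefault(key.lower(), []).append(quoted or bare)
    return m.group(1), opts

def classify(cmdline):
    """Return the findings for one logged command line (empty list if clean)."""
    findings = []
    parsed = parse_sc_create(cmdline)
    if parsed:
        name, opts = parsed
        types = [t.lower() for t in opts.get("type", [])]
        binpath = opts.get("binpath", [""])[0]
        # First token of binpath, stripped of any directory, is the image name.
        image = binpath.split()[0].rsplit("\\", 1)[-1].lower() if binpath.split() else ""
        if "interact" in types:
            findings.append(f"interactive service created: {name}")
        if image in SHELLS:
            findings.append(f"service binpath is a command shell: {binpath}")
    if AT_INTERACTIVE.search(cmdline):
        findings.append("interactive job scheduled with at")
    return findings

# Constructed sample command lines (not taken from any real log).
SAMPLE_LOG = [
    r'C:\Windows\system32\cmd.exe /c sc create testsvc binpath= "cmd /K start" type= own type= interact',
    r'sc.exe create BackupAgent binpath= "C:\Program Files\Backup\agent.exe" type= own start= auto',
    r'C:\Windows\system32\cmd.exe /c at 14:06 /interactive cmd.exe',
    r'C:\Windows\system32\cmd.exe /c sc delete testsvc',
]

def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

Because the scripts in this thread delete the service about a second after starting it, matching on the creation command line is more reliable than enumerating installed services afterwards.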