Jump to content
Sign in to follow this  

Safest way to "runas" Admin

Recommended Posts


So I have a question really. I have a little 50 some odd line script that the only function is to allow limited user to change timezone. But for it to run I need to use the local admin with runas. I was reading through the help file and it says you should not store passwords in the script itself even with Obfuscator. So I am look for suggestions on ways that i can keep the file secure. this is a sample of my script, i used an example to display time after the change, this is really a 2 or 3 line action, as it stands. If there ways that i can lock-it down any help would be great.

; Launch Time and Date control Panel with admin
  RunAsWait("Admin",@ComputerName,"Password",0,"rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,",@SystemDir,@SW_SHOW) 
     sleep (500) ;slight pause for change to take effect
     MsgBox(0, "Time", "Your Time Zone has been updated.")
     ;Start gui to show time change._
     Func _Main()
                     Local $hGUI, $tFile, $tLocal
                     ; Create GUI
                     $hGUI = GUICreate("Time", 300, 100)
                     $iMemo = GUICtrlCreateEdit("", 2, 2, 396, 296, $WS_VSCROLL)
                     GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
                     ; Get system time
                     $tSystem = _Date_Time_GetSystemTime()
                     $tFile = _Date_Time_SystemTimeToFileTime(DllStructGetPtr($tSystem))
                     ;               --------------------------------------
                     $tLocal = _Date_Time_FileTimeToLocalFileTime(DllStructGetPtr($tFile))
                     MemoWrite("The time is now : " & _Date_Time_FileTimeToStr($tLocal))
                     ; Loop until user exits
                     Until GUIGetMsg() = $GUI_EVENT_CLOSE
     EndFunc   ;==>_Main
     ; Write a line to the memo control
     Func MemoWrite($sMessage)
                     GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
     EndFunc   ;==>MemoWrite

Share this post

Link to post
Share on other sites

Just a wild thinking. You can make a wrapper executing script that requires or contains the MD5 or SHA or whatnot string and pass it to this script to decipher using a supplied key (also required or contained). As usual, add as much crap as possible.

Edit: You can edit yet another think that the resulting deciphered key is a key in the registry buried inside the ghost sub-sub-keys of the registry and this key should contain the password. If the string is deciphered correctly then reading this registry key should return a nice innocent password. >_<

Edited by Authenticity

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.