Jump to content
Sign in to follow this  

Safest way to "runas" Admin

Recommended Posts


So I have a question really. I have a little 50 some odd line script that the only function is to allow limited user to change timezone. But for it to run I need to use the local admin with runas. I was reading through the help file and it says you should not store passwords in the script itself even with Obfuscator. So I am look for suggestions on ways that i can keep the file secure. this is a sample of my script, i used an example to display time after the change, this is really a 2 or 3 line action, as it stands. If there ways that i can lock-it down any help would be great.

; Launch Time and Date control Panel with admin
  RunAsWait("Admin",@ComputerName,"Password",0,"rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,",@SystemDir,@SW_SHOW) 
     sleep (500) ;slight pause for change to take effect
     MsgBox(0, "Time", "Your Time Zone has been updated.")
     ;Start gui to show time change._
     Func _Main()
                     Local $hGUI, $tFile, $tLocal
                     ; Create GUI
                     $hGUI = GUICreate("Time", 300, 100)
                     $iMemo = GUICtrlCreateEdit("", 2, 2, 396, 296, $WS_VSCROLL)
                     GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
                     ; Get system time
                     $tSystem = _Date_Time_GetSystemTime()
                     $tFile = _Date_Time_SystemTimeToFileTime(DllStructGetPtr($tSystem))
                     ;               --------------------------------------
                     $tLocal = _Date_Time_FileTimeToLocalFileTime(DllStructGetPtr($tFile))
                     MemoWrite("The time is now : " & _Date_Time_FileTimeToStr($tLocal))
                     ; Loop until user exits
                     Until GUIGetMsg() = $GUI_EVENT_CLOSE
     EndFunc   ;==>_Main
     ; Write a line to the memo control
     Func MemoWrite($sMessage)
                     GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
     EndFunc   ;==>MemoWrite

Share this post

Link to post
Share on other sites

Just a wild thinking. You can make a wrapper executing script that requires or contains the MD5 or SHA or whatnot string and pass it to this script to decipher using a supplied key (also required or contained). As usual, add as much crap as possible.

Edit: You can edit yet another think that the resulting deciphered key is a key in the registry buried inside the ghost sub-sub-keys of the registry and this key should contain the password. If the string is deciphered correctly then reading this registry key should return a nice innocent password. >_<

Edited by Authenticity

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this