Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to use the RUNAS command from QM
#1
Is there a way of using the "runas" command, to run programs with administrator privileges??

I used the search function here but found no reference to "runas".
#2
runas is documented in the MSDN library. I don't remember full syntax.

run "runas.exe" "/user:user_name program"

Password must be entered manually.
#3
RunAs function.

Code:
Copy      Help
;/
function $prog $user [$domain] [$password] [int&hprocess]

;Runs program as specified user.
;On failure throws error.
;For Windows 2000, XP and later.


;prog - program name or full path, optionally followed by command line parameters. If program path contains spaces, enclose into "". Examples: "prog.exe", "prog.exe /params", "c:\progra~1\prog\prog.exe /params", "''c:\program files\prog\prog.exe'' /params". Must be executable. Documents and shortcuts are not supported.
;user - user name.
;domain - domain or computer name. Can be omitted or "" for local computer.
;password - password. If omitted or "", asks at run time. Using password in macro is unsafe, even if that macro is encrypted (password can be intercepted by replacing RunAs).
;hprocess - if used, receives process handle.


;EXAMPLES
;RunAs "notepad.exe" "Admin" ;;will ask for password
;
;int hproc
;RunAs "c:\windows\notepad.exe" "Power User" "" "ttr09knn" hproc
;wait 0 H hproc
;CloseHandle hproc



#if (WINNT>=5)
def CREATE_DEFAULT_ERROR_MODE 0x04000000
def LOGON_WITH_PROFILE 0x00000001
type STARTUPINFOW cb @*lpReserved @*lpDesktop @*lpTitle dwX dwY dwXSize dwYSize dwXCountChars dwYCountChars dwFillAttribute dwFlags @wShowWindow @cbReserved2 !*lpReserved2 hStdInput hStdOutput hStdError
type PROCESS_INFORMATION hProcess hThread dwProcessId dwThreadId
dll advapi32 #CreateProcessWithLogonW @*lpUsername @*lpDomain @*lpPassword dwLogonFlags @*lpApplicationName @*lpCommandLine dwCreationFlags !*lpEnvironment @*lpCurrentDirectory STARTUPINFOW*lpStartupInfo PROCESS_INFORMATION*lpProcessInformation

str s ss
if(&hprocess) hprocess=0
if(!len(domain)) domain="." ;;local computer
if(!len(password)) if(inp(s "" "Password" "*")) password=s; else ret
BSTR s1(user) s2(domain) s3(password) s4(ss.expandpath(prog))

STARTUPINFOW si; si.cb=sizeof(si)
PROCESS_INFORMATION pi
if(CreateProcessWithLogonW(+s1 +s2 +s3 LOGON_WITH_PROFILE 0 +s4 CREATE_DEFAULT_ERROR_MODE 0 0 &si &pi))
,if(pi.hThread != -1) CloseHandle(pi.hThread)
,if(pi.hProcess != -1) if(&hprocess) hprocess=pi.hProcess; else CloseHandle(pi.hProcess)
else end s.dllerror
#4
Big Grin Gintaras - Yet another lightning response. Microsoft should take some lessons from you.

You wrote:

;password - password. If omitted or "", asks at run time. Using password in macro is unsafe, even if that macro is encrypted (password can be intercepted by replacing RunAs).

I don't understand, "password can be intercepted by replacing RunAs".

I have encrypted macros containing passwords. Are they vulnerable?
#5
A macro is vulnerable if it passes a password to an user defined function or dll function, even if all is encrypted. Somebody that is able to edit your macros can delete the function that is called and replace it to a compatible function (same name, same arguments) that simply shows passed arguments. Of course, if only he knows or can guess what functions are called by your encrypted macro. And, only if he can run that macro.

A macro containing a password also is vulnerable if it for example pastes that password.

To make a macro containing passwords really secure:
1. Encrypt it.
2. If it passes the password to other functions (except QM intrinsic functions) or somehow outputs it (eg pastes), it also must ask for password to run it. To ask for password, use inpp. It is secure.
#6
Trying to get RunAs to work in QM 2.3.2.5
Having troubles figuring out how to get a password.
Error (RT) in Function86: failed: the password must be encrypted (Options -> Security)

So what do I do in the Security tab?
When I try to "Encrypt the password to use with a function" I get a QM error message saying "The function does not support encrypted passwords"
So is there something I need to do to the function?

Thanks,
Jimmy Vig
#7
That was tricky but I figured it out. I had to set up the function:
function str'encryptedpassword
str truepassword.decrypt(16 encryptedpassword "aaa")
out truepassword

Then it let me generate an encrypted password.
#8
Still can't get RunAs to work. Maybe it is just me...I'm determined to get this to work. Please help if you can give an example.

Thanks,
jimmy Vig
#9
1. Open Options, Security.
2. Type password of that user account in the two password boxes at the bottom.
3. Type RunAs in the Function edit box.
4. Click Encrypt at the right from the Function box.
5. Click OK in the message box.
6. Paste in the macro.

Macro Macro1386
Code:
Copy      Help
RunAs "notepad.exe" "" "user" "" "[*F258E9E5C7A037E606*]"
#10
I see, I was putting in the current function I was working with. Did not realize I was to put in RunAs. It makes sense, just never did it before.

Thanks,
jimmy Vig
#11
Is there anyway to use RunAs to run a bat file hidden?

Thanks,
Jim
#12
added flag 1 - hidden

Function RunAs22
Code:
Copy      Help
;/
function $prog $user [$domain] [$password] [int&hprocess] [flags] ;;flags: 1 hidden

;Runs program as specified user.
;Error if fails.

;prog - program name or full path, optionally followed by command line parameters. If program path contains spaces, enclose into "". Examples: "prog.exe", "prog.exe /params", "c:\progra~1\prog\prog.exe /params", "''c:\program files\prog\prog.exe'' /params". Must be executable. Documents and shortcuts are not supported.
;user - user name.
;domain - domain or computer name. Can be omitted or "" for local computer.
;password - password. If omitted or "", asks at run time.
;hprocess - if used, receives process handle.

;EXAMPLES
;RunAs22 "notepad.exe" "Admin" ;;will ask for password
;
;__Handle hproc
;RunAs22 "c:\test.bat" "User" "" "ttr09knn" hproc 1
;wait 0 H hproc


str s ss
if(&hprocess) hprocess=0
if(!len(domain)) domain="." ;;local computer
if(!len(password)) if(inp(s "" "Password" "*")) password=s; else ret
BSTR s1(user) s2(domain) s3(password) s4(ss.expandpath(prog))

STARTUPINFOW si; si.cb=sizeof(si)
if(flags&1) si.dwFlags|STARTF_USESHOWWINDOW
PROCESS_INFORMATION pi
if(CreateProcessWithLogonW(+s1 +s2 +s3 LOGON_WITH_PROFILE 0 +s4 CREATE_DEFAULT_ERROR_MODE 0 0 &si &pi))
,if(pi.hThread != -1) CloseHandle(pi.hThread)
,if(pi.hProcess != -1) if(&hprocess) hprocess=pi.hProcess; else CloseHandle(pi.hProcess)
else end s.dllerror

Macro Macro1578
Code:
Copy      Help
RunAs22 "c:\test.bat" "User" "" "password" 0 1
#13
Sweet. Thanks -jim


Forum Jump:


Users browsing this thread: 1 Guest(s)