#154040 - 05/12/24 02:20 PM
RUNNAS - Tokenized Runas Utility
Would like to introduce a new command line tool called RUNNAS.EXE (two n's) - its available only at KORG and you can get it here:
RUNNAS - Tokenized Runas Utility
It works much like Microsoft's standard runas.exe except for a few important features:
1) You can specify a password on the command line
2) You can tokenize the command line into a file.
3) You can execute the tokenized file.
This software is at first release and should be considered as beta. Please post any comments, suggestions or bugs to this space.
Allows a user to run specific tools and programs with different permissions
than the user's current logon provides.
Note: This version of runnas is not guaranteed to be compatible with the
previous version. Please re-tokenize your files for added security.
runnas /user:<username> command [/password:<password>] [/noprofile]
[/profile] [/env] [/netonly] [/logononly] [/wait] [/return]
[/title:<title>] [/tokenize:<tokenfile>] [/crc] [/allowargs]
runnas tokenfile [/<token>:<value>] [/args:<arguments>] [/delete]
/user <username> should be in form USER or DOMAIN\USER.
command Command line to run. See below for examples
/password The clear-text password for the user account. If not
specified, you will be prompted for the password.
/noprofile Specifies that the user's profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile Specifies that the user's profile should be loaded.
This is the default.
/env To use current environment instead of the user's
/netonly Use if the credentials specified are for remote
/logononly Use if command is to be run during interactive logon only.
/wait Wait for the program to finish.
/return Return errorlevel of program. Use with /wait.
/title For console processes, this is the title displayed in the
title bar if a new console window is created.
/tokenize Tokenize command line into <tokenfile>.
/crc Calculate CRC (Cyclic Redundancy Check) of command
line executable and save it to <tokenfile>.
/allowargs Allow passing additional arguments to <tokenfile>.
tokenfile The name of a tokenized command line file.
/<token> Replace command line <token> with <value>.
/args Additional <arguments>. Valid only if tokenfile was
created with /allowargs switch.
/delete Delete tokenfile when done.
NOTE: Enter user's password when prompted.
NOTE: USER\DOMAIN is not compatible with /netonly.
NOTE: /profile is not compatible with /netonly.
NOTE: Most parameters can be shortened to 3 characters.
> runnas /user:admin mmc
> runnas /user:admin "cmd /c dir c:\ & pause" /password:xxx
Create and execute a tokenfile:
> runnas /user:admin notepad.exe /password:xxx /tokenize:notepad.tok
> runnas notepad.tok
Pass quotes inside a quoted string (using \" metachar):
> runnas /user:admin "\"c:\program files\my app\app.exe\"" /pass:xxx
Pass arguments to a tokenfile:
> runnas /user:admin "notepad.exe" /pass:xxx /tok:notepad.tok /allowargs
> runnas notepad.tok /args:"file.txt"
Replace tokens in a tokenfile:
> runnas /user:admin "notepad.exe <p1>.<p2>" /pas:xxx /tok:notepad.tok
> runnas notepad.tok /p1:myfile /p2:txt
This software is provided "as is" and "with all faults". The author
makes no representations or warranties of any kind concerning the
quality, safety or suitabilty of the software, either express or
implied, including without limitation any implied warranties of
merchantability, or fitness for a particular purpose.
#154046 - 05/12/24 09:32 PM
Re: RUNNAS - Tokenized Runas Utility
SWEET Shawn. I like it so far.
Have tested it on accounts with non admin privledges and the application will run but won't access areas they're not allowed to.
Have used Admin rights with different account and it runs as expected too.
As per one of Les' questions. Maybe add some code to hash/crc check that the executable has not been modified to include even a rename of the exe.
I like the idea that the tokenize overwrites the previous entry, but using a switch would it be possible to chain a couple commands?
So far it ROCKS dude.
Will test some more on Monday at work. May have to take a look at some reverse engineering some to see how easily / difficult it might be to reverse the obfuscation.
But don't think I'll get that much computing time in the next couple days.
Moderator: Sealeopard, Allen, Bryce, Jochen, Radimus, Kdyer, Howard Bullock, Chris S., Glenn Barnas, Benny69, ShaneEP, Mart