Page 2 of 5 <12345>
Topic Options
#154060 - 2005-12-28 02:34 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Version 1.3 is now available. I implemented a wise suggestion from Les ... to do with the tokenized (encrypted) file. The token file is now a "moving target" - the encryption will vary between invocations - even if the command line remains constant. This will hinder any "brute force" attempt to crack the encryption.

-Shawn

Top
#154061 - 2005-12-28 11:02 PM Re: RUNNAS - Tokenized Runas Utility
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
you using the dot net crypto?
might also include at least the md5 stuff to kf .net once you are on it. (so I don't need to )
_________________________
!

download KiXnet

Top
#154062 - 2005-12-28 11:06 PM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
nah, this util has zero dependencies - other than it only works on nt5 and above.
Top
#154063 - 2005-12-29 12:11 AM Re: RUNNAS - Tokenized Runas Utility
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
just saw the error condition line:
"This application cannot run using the active version of the Microsoft .NET Runtime"
_________________________
!

download KiXnet

Top
#154064 - 2005-12-29 02:14 AM Re: RUNNAS - Tokenized Runas Utility
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Okay, RUNNAS should now be up to version 1.6

Been chatting with Shawn on MSN and ironed out a few other issues with error codes.

Shawn should post and update soon.

Top
#154065 - 2005-12-29 02:17 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
I kinda lumped the last changes into a 1.4 which is posted.
Top
#154066 - 2005-12-30 08:18 PM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Runnas 1.5 is available. Added the /CRC switch. This performs an optional Cyclic Redundancy Check on the command line executable and saves it to the tokenfile. Later, when run from a tokenfile, the CRC is re-validated for added security.
Top
#154067 - 2005-12-30 08:42 PM Re: RUNNAS - Tokenized Runas Utility
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
Sounds great so far.

Can you turn it into a COM component and tokenize the "cmd files"?


Edited by Chris S. (2005-12-30 08:43 PM)

Top
#154068 - 2005-12-31 12:10 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
good idea and could. but not in the short term. only have one more thing to add, then going to put this to rest for a while.
Top
#154069 - 2005-12-31 01:14 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
runnas 1.6 is available. added the following two parameters:

/allowargs - allow additional arguments to be passed to tokenfile.

/args - additional arguments for tokenfile.

-Shawn

Top
#154070 - 2005-12-31 01:37 AM Re: RUNNAS - Tokenized Runas Utility
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
args huh?
caveat emptor
I could see that possibly be exploited in some cases.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#154071 - 2005-12-31 01:41 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
yup i agree - thats why by default its turned off. but otherwise pretty handy to have. would definitely by a security issue if your were running cmd.exe.
Top
#154072 - 2005-12-31 01:43 AM Re: RUNNAS - Tokenized Runas Utility
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
ja, I'm sure you are aware of the implications. Just wanted to put on record that when it comes to security, it is caveat emptor.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#154073 - 2005-12-31 01:48 AM Re: RUNNAS - Tokenized Runas Utility
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
implications...
hmm...
gladly I don't need to see those.
_________________________
!

download KiXnet

Top
#154074 - 2005-12-31 03:02 AM Re: RUNNAS - Tokenized Runas Utility
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Be careful there Shawn. Don't want your util turning out to be like the SONY software. They certainly did not forsee or wish for it to be abused as such but you can see the outcome there.

Anyways... KF.ORG appears to be down at the moment, can't download the latest version at the moment.

Top
#154075 - 2005-12-31 03:12 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
ja understood. like i say by default its not enabled. so one has to enable it in a heads-up kinda fashion. much would depend on what was being called and how. but you guys do make a good point.

ok its been re-hosted.

Top
#154076 - 2005-12-31 03:22 AM Re: RUNNAS - Tokenized Runas Utility
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Thanks, new download worked fine.
Top
#154077 - 2006-01-03 02:38 PM Re: RUNNAS - Tokenized Runas Utility
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
Since there are times when an application must be installed under the current user's context would it be possible to add a /RUNASADMIN switch that either temporarily raises the user's rights or allows that process to run elevated?
Top
#154078 - 2006-01-03 02:52 PM Re: RUNNAS - Tokenized Runas Utility
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
no.
_________________________
!

download KiXnet

Top
#154079 - 2006-01-03 08:05 PM Re: RUNNAS - Tokenized Runas Utility
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Chris, it already should work for many things as the main process can be launched using the current user's profile, but with the credentials of an Administrative account.

If a stub process is kicked off that did not maintain the thread process level then it would lose those Admin rights, but otherwise should run as the account you specified.

I'm sure that there are installs that can or would be problematic, but would think many others should work fine as the process is then editing the registry and placing files in the system32 folder, etc...

I plan on doing some testing in that area this week and will post my findings.

Top
Page 2 of 5 <12345>


Moderator:  Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 346 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.044 seconds in which 0.015 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org