runas

[BackupUser]

Restored from previous forum. Originally posted by Skully.

Does anyone have or know how to make a runas-like command that accepts a password parameter as well?

If you are not sure of what run-as does, it changes the user-context that windows is running under and any spawned child processes.

fyi:
http://www.microsoft.com/technet/treevi ... /runas.asp

Skully




Edited by - skully on 16 July 2002 17:11:13

[BackupUser]

Restored from previous forum. Originally posted by Shawn.

Hi.

I am not sure what you are trying to do, so there may be a better solution. You could try posting in the Beginners forum.

This solution uses the runas command and a sendkeys function that was kindly posted by PB yesterday. See the Tips and Tricks forum for the code.

Code: Select all

RunProgram("runas.exe","/user:MyComputerOrDomain\SomeUser notepad",0)
Delay(1000)
SendKeys(0,"C:\WINNT\System32\Runas.exe","ThePassword{ENTER}")
 

Hope this helps.

Shawn

[BackupUser]

Restored from previous forum. Originally posted by Skully.

Thats what I do now, but with a keyboard capture program the password is easily compromised.

Skully
Http://24.69.16.68/


Edited by - skully on 17 July 2002 07:14:34

[BackupUser]

Restored from previous forum. Originally posted by PB.

> Does anyone know how to make a runas-like command that accepts a password
> parameter as well?

Does the "RunAs" command accept a password parameter? The link you provided, at
Microsoft's web site, doesn't seem to show a password parameter?

Anyway, is the "RunAs" command is just a normal command at a prompt? It appears
so, so please provide an example of what you would physically type at the prompt
and I will be able to give you a way to do it in PureBasic.

PB - Registered PureBasic Coder

[BackupUser]

Restored from previous forum. Originally posted by Skully.

Absolutely..

I would *like* to be able to type:

RunAs %environmentvarb%\path.exe /user:domain\username password

Which stays consistent with the way "net use" works

Its essential that the password not be keyboard captureable

Skully




Edited by - skully on 17 July 2002 08:13:54

[BackupUser]

Restored from previous forum. Originally posted by PB.

> I would *like* to be able to type:
> RunAs %environmentvarb%\path.exe /user:domain\username password

Try the RunProgram command with it like so...

RunProgram("RunAs","%environmentvarb%\path.exe /user:domain\username password",0)

...but I don't think it will work. It's hard for me to test as I don't have the
same setup as you, but anything that is typed at a command prompt can be done via
the RunProgram command, so just play with it a bit.

PB - Registered PureBasic Coder

Edited by - PB on 17 July 2002 11:08:05

[BackupUser]

Restored from previous forum. Originally posted by Shawn.

Hi.

It seems that the API equivalent is called CreateProcessWithLogonW()

http://msdn.microsoft.com/library/en-us ... frame=true

Although, I get the message that CreateProcessWithLogonW_() is not a function... etc.

There are links on the above page for using LogonUser() and CreateProcessAsUser() as an alternate method.

I am interested too. Could someone post an example showing how we should call these API functions properly?

Here is my code that fails on the last function:

Code: Select all

 
*lpUsername = AllocateMemory(0, 1024, 0) 
PokeS(*lpUsername,"SomeUsername")
*lpDomain = AllocateMemory(2, 1024, 0) 
PokeS(*lpDomain,"SomeDomain")
*lpPassword = AllocateMemory(3, 1024, 0) 
PokeS(*lpPassword,"SomePassword")
*lpApplicationName = AllocateMemory(4, 1024, 0) 
PokeS(*lpApplicationName,"notepad.exe")
*lpToken = AllocateMemory(5, 4, 0)
 
;This one gets "is not a function..."
;CreateProcessWithLogonW_(*lpUsername,*lpDomain,*lpPassword,0,*lpApplicationName,0,0,0,0,0,0)
 
LogonUser_(*lpUsername, *lpDomain, *lpPassword, #LOGON32_LOGON_BATCH, #LOGON32_PROVIDER_DEFAULT,*lpToken)
CreateProcessAsUser_(*lpToken,*lpApplicationName,0,0,0,False,"",0,0,0,0)

Thanks.

Shawn

[BackupUser]

Restored from previous forum. Originally posted by Rings.

If the functions is not recognize by Pure (maybe OS-Specific), use the
LIBRARY Function to call them.


Its a long way to the top if you wanna .....CodeGuru

[BackupUser]

Restored from previous forum. Originally posted by Skully.

Ref:

LogonUser_(*lpUsername, *lpDomain, *lpPassword, #LOGON32_LOGON_BATCH, #LOGON32_PROVIDER_DEFAULT,*lpToken)CreateProcessAsUser_(*lpToken,*lpApplicationName,0,0,0,False,"",0,0,0,0)

I did notice that in the description on the microsoft site states:

The CreateProcessWithLogonW function is similar to the CreateProcessAsUser function, except that the caller does not need to call the LogonUser function to authenticate the user and get a token.

Which doesnt solve the calling problem but might save a headache later.

Hey, does purebasic allow connection to .net framework etc?

Skully

[BackupUser]

Restored from previous forum. Originally posted by El_Choni.

About CreateProcessWithLogonW, you can use this piece of code. In Win 98, it shows the error message so, for me, it works.

Code: Select all

If OpenLibrary(0, "ADVAPI32.DLL")
  CreateProcessWithLogonW = IsFunction(0, "CreateProcessWithLogonW")
  If CreateProcessWithLogonW
    CallFunctionFast(CreateProcessWithLogonW, *lpUsername, *lpDomain, *lpPassword, 0, *lpApplicationName, 0, 0, 0, 0, 0, 0)
  Else
    MessageRequester("Error:", "CreateProcessWithLogonW supported only in Windows 2000 or later.", 0)
  EndIf
  CloseLibrary(0)
Else
  MessageRequester("Error:", "ADVAPI32.DLL not available.", 0)
EndIf

Bye,

El_Choni

[BackupUser]

Restored from previous forum. Originally posted by Shawn.

Thanks El_Choni.

The problem now is that we need to figure out the correct parameters. Here is my revised code:

Code: Select all

 
MyUserName.s = "UserName"
MyDomainName.s = "." ; use . for a local user, and the domain for a domain user.
MyPassword.s = "password"
MyApplication.s = "C:\winnt\notepad.exe"
*lpProcessInfo = AllocateMemory(0,4,0)
If OpenLibrary(0, "ADVAPI32.DLL")
  *F = IsFunction(0, "CreateProcessWithLogonW")
  If *F
    If CallFunctionFast(*F, 0, @MyUserName, @MyDomain, @MyPassword, 0, @MyApplication,0,0,0,0,*lpProcessInfo) 
      MessageRequester("","Success!",0)
    Else
      Buffer.s = Space(200)
      LastError.l = GetLastError_()
      FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM, 0, LastError, #LANG_NEUTRAL, @Buffer, 200, 0)
      MessageRequester("Error",Str(LastError)+" "+Buffer,0)
    EndIf
  Else
    MessageRequester("","Sorry - this function is not available.",0) 
  EndIf
  CloseLibrary(0)
EndIf

The error is number 87, (the parameter is incorrect).

Shawn



Edited by - shawn on 18 July 2002 02:42:50

[BackupUser]

Restored from previous forum. Originally posted by El_Choni.

The first argument of the calling function shouldn't be there, but before the last one, like this:

Code: Select all

If CallFunctionFast(*F, @MyUserName, @MyDomain, @MyPassword, 0, @MyApplication,0,0,0,0,0,*lpProcessInfo) 

And you should allocate space for the returned PROCESS_INFORMATION structure values, let's say like this:

Code: Select all

lpProcessInfo.PROCESS_INFORMATION

And then give the function the pointer to it: @lpProcessInfo.

Can't tell you anything else now, since I only have Windows 98 here.

Bye,

El_Choni

Edited by - El_Choni on 18 July 2002 11:25:23

[BackupUser]

Restored from previous forum. Originally posted by Skully.

PB,

Sorry.. I guess I wasn't very clear about that. The password cannot be input through the keyboard buffer.. that is a HUGE security hole being taken advantage of by many people at the moment.

The built-in runas command does not accept the password parameter either Thus why I need a new RunAs.exe command, maybe ExeAs.exe or something.

I just realized though that the runas command has a /profile parameter which is important as well.. it allows installations under the regular users HKCU registry tree but with privelages of the specified user name to allow access to the HKLM tree. Thats under the context which I need it for anyway. - obviously Win2000

If this works, I think I'll have to get PB

> I would *like* to be able to type:
> RunAs %environmentvarb%\path.exe /user:domain\username password

Try the RunProgram command with it like so...

RunProgram("RunAs","%environmentvarb%\path.exe /user:domain\username password",0)

...but I don't think it will work. It's hard for me to test as I don't have the
same setup as you, but anything that is typed at a command prompt can be done via
the RunProgram command, so just play with it a bit.

PB - Registered PureBasic Coder

Edited by - PB on 17 July 2002 11:08:05

Edited by - skully on 18 July 2002 06:57:01

[BackupUser]

Restored from previous forum. Originally posted by PB.

> I think I'll have to get PB

Definitely, because we can't help if you can't run our test code with the demo.


PB - Registered PureBasic Coder

[BackupUser]

Restored from previous forum. Originally posted by Skully.

PB:

If I shelled out coin every time I looked at a language to assess its capabilities it would cost me a fortune.. expecially in my line of work where its kinda part of my job to know of emerging tech.

However, that being said... I figure that since I can't actually make anything in 200 lines of code that would satisfy my curiosity with the language when you consider the depth of the disabilites, I figure that if Shawn and the bunch are able to figure this out then that kind of demonstrates something significant to me.

Shawn:
The CreateProcessWithLogonW function is very promising looking! See right now I am using AutoIt by hiddensoft to "run" a "runas" command and then pipes the password through the keyboard into the dos window (you can't see it)

But.... There are lots of keyboard capture programs out there and its just too easy to compromise the password... what I am looking for is 2 things. This new ExeAs command, and a language that lets me make my own cool commands lol Especially if I can encrypt the code itself but I can do that part

Skully