Re: Starting a process under a different user without supplying the password

Posted by Danny Sanders on November 28, 2007, 1:51 pm
> As an administrator can I launch processes on behalf of other users
> without supplying their passwords?

I am not aware of a way to do this.

hth
DDS

> As an administrator can I launch processes on behalf of other users
> without supplying their passwords?
>
> I know psexec can launch processes on behalf of other users, but I
> have to supply the user's credentials......
>
> saqib
> http://www.quantumcrypto.de/dante/



Posted by Anteaus on December 2, 2007, 4:56 am
You can do this with AutoIt

RunAsSet("username","domain","password")
Run("commandline")
RunAsSet()

http://autoitscript.com

If you compile with encryption, that makes the password reasonably secure.


Posted by Pegasus (MVP) on December 2, 2007, 5:28 am

> You can do this with AutoIt
>
> RunAsSet("username","domain","password")
> Run("commandline")
> RunAsSet()
>
> http://autoitscript.com
>
> If you compile with encryption, that makes the password reasonably secure.
>

The OP wanted to do this without supplying the user's credentials.
Your process DOES require these credentials. Furthermore it is
a classical Trojan process: Anyone who gets a copy of your proposed
routine can use (abuse?) it to execute "commandline", regardless of
what hides behind this "commandline".



Posted by Anteaus on December 2, 2007, 7:48 am
"Pegasus (MVP)" wrote:

> The OP wanted to do this without supplying the user's credentials.
> Your process DOES require these credentials.

I would take it he means "Not supply them manually, ad nauseam." - That is
the sensible interpretation.

> Furthermore it is a classical Trojan process:

So you reckon the OP is a malware author?





Posted by Pegasus (MVP) on December 2, 2007, 10:55 am

> "Pegasus (MVP)" wrote:
>
>> Furthermore it is a classical Trojan process:
>
> So you reckon the OP is a malware author?
>

No, not at all. I'm saying that in using your tool, the OP
gives his users a tool that can easily be used for unauthorised
access.
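
Added example, not part of the thread and not code from any poster: a small Python check an administrator could run over AutoIt source files to find RunAsSet calls that embed a literal password, the pattern debated above. The function name find_hardcoded_runas and the sample script are constructed for illustration; the check reports line, user and domain only, never the password.

```python
import re

# AutoIt string literal: "..." or '...'; a doubled quote inside is an escaped quote.
_DQ = r'"(?:[^"]|"")*"'
_SQ = r"'(?:[^']|'')*'"
_STR = f"(?:{_DQ}|{_SQ})"
_LIT = re.compile(_STR)
# Code part of a line: everything before the first ';' that is outside a string.
_CODE = re.compile(rf"(?:{_STR}|[^;'\"])*")
# RunAsSet(...) call whose arguments are string literals or simple expressions.
_CALL = re.compile(rf"\bRunAsSet\s*\((?P<args>(?:{_STR}|[^'\"()])*)\)", re.IGNORECASE)
# One top-level argument (commas inside string literals do not split).
_ARG = re.compile(rf"(?:{_STR}|[^,'\"])+")

def _unquote(arg):
    """Return the text of a string literal, or the expression unchanged."""
    if _LIT.fullmatch(arg):
        q = arg[0]
        return arg[1:-1].replace(q * 2, q)
    return arg

def find_hardcoded_runas(source):
    """Return (line_no, user, domain) for each RunAsSet call with a literal password."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = _CODE.match(line).group(0)          # drop trailing ';' comment
        for call in _CALL.finditer(code):
            args = [a.strip() for a in _ARG.findall(call.group("args"))]
            # RunAsSet() with no arguments is the reset call; variables are not flagged.
            if len(args) >= 3 and _LIT.fullmatch(args[2]) and len(args[2]) > 2:
                findings.append((no, _unquote(args[0]), _unquote(args[1])))
    return findings

# Constructed sample script (placeholder names and passwords).
SAMPLE = """\
; deploy helper (constructed sample)
RunAsSet("svc_install", "CORP", "Pl4ce;holder")   ; switch user
Run("setup.exe /quiet")
RunAsSet()
; RunAsSet("old", "CORP", "commented-out")
RunAsSet($user, $domain, $pw)
runasset('admin', 'CORP', 'it''s-a-placeholder')
"""

if __name__ == "__main__":
    for no, user, domain in find_hardcoded_runas(SAMPLE):
        print(f"line {no}: literal password for {domain}\\{user}")
```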


