Home page logo
/

basics logo Security Basics mailing list archives

Re: Executing app with admin privileges
From: "Rob Creely" <programmingart () gmail com>
Date: Sun, 23 Jul 2006 01:24:20 -0400

Could the users use the Run As command and run the app as an administrator?
(Right-click the executable and click Run As.)

Yes they could, but then the users know a username and password with
administrative privileges.  What's stopping the user from using the
same process to install unapproved applications(ie. p2p, malware)?  Or
why bother with runas?  Why not just login in directly with the admin
credentials?

In cases such as these, I usually use sysinternals tools filemon and
regmon to see what registry and files a program needs access to.  I
then create a security group with a access to these files and registry
keys and then put users needing to run this application in the
security group.

In some cases, the things needing access are too extensive, or the
application for whatever reason still doesn't work.  In these cases, I
write a vb.net application that utilizes the runas command and
sendkeys function to run the application under an admin account on the
machine.  At least this way, the admin account password is hidden in
the source code of the application and will keep the average user from
doing nasty things.  Note, a hacker will likely be able to decompile
the exe to get the password, read the password from the computer's
memory during execution, or utilize a keylogger to get the password.
So this is in no way a "Fort Knox" type solution(ie. don't use your
domain admin account logon in the vb.net application).

Here is the VB.NET code I use(runs windows defrag as admin):

<start code>
Module Module1
   Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
   Sub Main()
       Dim wshShell
       wshShell = CreateObject("Wscript.Shell")
       wshShell.run("runas /user:Administrator ""mmc.exe
c:\winnt\system32\dfrg.msc""")
       Sleep(100)
       wshShell.AppActivate("Runas")
       Sleep(100)
       wshShell.SendKeys("youradminpasswordgoeshere")
       wshShell.SendKeys("~")
       Sleep(100)
   End Sub
End Module
<end code>

Hope this helps.

--Rob

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]