Wednesday, August 22, 2012

#Security question du jour

Why does the ‘runas’ command fail to work properly on Windows when within a command shell?


The “runas” Command

 The runas command is a useful command that allows a user to run a command as another user (typically a privileged user, such as administrator) by providing the password when prompted:

                runas /user:administrator "cmd /c del file.txt"

In a command shell this will not work as the penetration tester is never prompted for the password.  To circumvent this issue, it’s possible to use the “schtasks” or “at” command to run the command at a short time in the future as the specified user.  One caveat to this is that the command shell has to have administrative or SYSTEM privileges to work.
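Seen from the defender's side, the schtasks/at workaround described above leaves process-creation records that can be checked for tasks scheduled under another account. The sketch below is an added example, not code from the original post; the record layout, function names and sample events are constructed for illustration.

```python
import re

# Constructed process-creation records (fields loosely modelled on what
# Windows process auditing or Sysmon would log); not taken from the post.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\schtasks.exe", "user": "SYSTEM",
     "command_line": r'schtasks /create /tn t1 /tr "cmd /c del file.txt" '
                     r"/sc once /st 14:05 /ru administrator"},
    {"image": r"C:\Windows\System32\schtasks.exe", "user": "alice",
     "command_line": "schtasks /query /fo LIST"},
    {"image": r"C:\Windows\System32\at.exe", "user": "SYSTEM",
     "command_line": "at 14:05 cmd /c del file.txt"},
    {"image": r"C:\Windows\System32\at.exe", "user": "bob",
     "command_line": "at"},  # bare "at" only lists existing jobs
]

# A /switch followed by an optional value (quoted, or not starting with "/").
SWITCH = re.compile(r'(?<!\S)/([a-z]+)(?:\s+("[^"]*"|[^/\s]\S*))?', re.I)
# "at" job creation: a start time followed by the command to run.
AT_JOB = re.compile(r"\s(\d{1,2}:\d{2}[ap]?m?)\s+(.+)$", re.I)

def schtasks_switches(command_line):
    """Map each schtasks switch (lower-cased) to its value, '' if none."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"')
            for m in SWITCH.finditer(command_line)}

def deferred_runas_findings(events):
    """Return (index, tool, run_as, action) for task-creation events."""
    findings = []
    for index, ev in enumerate(events):
        exe = ev["image"].lower().rsplit("\\", 1)[-1]
        cmd = ev["command_line"]
        if exe == "schtasks.exe":
            sw = schtasks_switches(cmd)
            # Only task creation with an explicit run-as account is flagged.
            if "create" in sw and "ru" in sw:
                findings.append((index, "schtasks", sw["ru"], sw.get("tr", "")))
        elif exe == "at.exe":
            m = AT_JOB.search(cmd)
            if m:  # at takes no account argument, so run_as is None
                findings.append((index, "at", None, m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in deferred_runas_findings(SAMPLE_EVENTS):
        print(finding)
```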

Command shell access on Windows targets can have many pitfalls.  

A command shell is not the same as Terminal Access. Hitting CTRL-C while inside a command shell over a netcat connection will cause the netcat connection to drop.  This is the case with Windows targets as well.  

If you have gained shell access on a Windows system by launching a netcat listener on the Windows target system and interacting with it using a netcat client, you will be in a command shell and not in Terminal access (as you would be with a Telnet session).

Command Shell access should not be confused with the use of the Windows Command Processor (cmd.exe). Command line and command shell are oft confused terms.
