Channel: KitPloit - PenTest Tools!

RunFromProcess - Run a Windows program with a user of another process

RunFromProcess is a command-line utility that allows you to run a program from another process that you choose. 

The program that you run is executed as a child of the specified process, and it runs with the same user and security context as that parent process.

Using RunFromProcess

RunFromProcess requires 2 command-line parameters: 
RunFromProcess.exe [Parent Process Name/ID] [Process To Run]

The first parameter is the process name (for example: myprocess.exe) or the process ID of the parent process that will run the program you need. 

The second parameter is the full path of the program that you want to run. You can also specify command-line parameters for that program.

Optionally, you can specify the 'nomsg' prefix before the 2 major parameters if you don't want RunFromProcess to display any error messages.

Optionally, you can specify the 'admin' prefix before all other parameters if you want to execute RunFromProcess as administrator.

Examples: 
RunFromProcess.exe 761 c:\temp\myprog.exe 
RunFromProcess.exe explorer.exe "c:\program files\abcd\mm.exe" 34 abc dd 
RunFromProcess.exe nomsg explorer.exe "c:\software\soft.exe" 
RunFromProcess.exe admin winlogon.exe "c:\software\soft.exe"

What you can do with this tool

Here's an example of what you can do with this tool: 

When you run a program from the schedule service of Windows, the program runs under the SYSTEM account, for example: 
at 18:00 c:\software\myprogram.exe

If you want the program to run as the currently logged-on user instead, you can do it this way: 
at 18:00 c:\software\RunFromProcess.exe nomsg explorer.exe c:\software\myprogram.exe

If you want to run a program as the SYSTEM user, you can do it this way (the admin parameter is needed to get admin rights on Windows Vista/7/8 when UAC is turned on): 
RunFromProcess.exe admin winlogon.exe c:\windows\regedit.exe

If you execute the above command on Windows 7/Vista, RegEdit opens under the SYSTEM account, and you'll be able to see all secret Registry keys that are not available to any other user.
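For defenders, the command-line syntax and the winlogon.exe example above translate into a simple triage check over process-creation logs. The following is an added example, not code from this page or from the tool's author. It assumes events have been exported as dictionaries with Sysmon-style field names (Image, ParentImage, User, CommandLine); the allowlist of normal winlogon.exe children and the sample events are constructed for illustration.

```python
import shlex
from ntpath import basename

# Assumption: processes winlogon.exe normally starts; tune for your environment.
EXPECTED_WINLOGON_CHILDREN = {"userinit.exe", "logonui.exe", "dwm.exe", "fontdrvhost.exe"}
PREFIXES = {"admin", "nomsg"}

def parse_runfromprocess(cmdline):
    """Parse '[admin] [nomsg] <parent name/ID> <program> [args]' (syntax from the page).
    Returns None when the command line is not a RunFromProcess invocation."""
    try:
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes
        return None
    if not tokens or basename(tokens[0]).lower() not in ("runfromprocess.exe", "runfromprocess"):
        return None
    args, prefixes = tokens[1:], []
    while args and args[0].lower() in PREFIXES:  # prefixes accepted in any order
        prefixes.append(args.pop(0).lower())
    if len(args) < 2:
        return None
    return {"prefixes": prefixes, "parent": args[0].lower(),
            "program": args[1], "program_args": args[2:]}

def triage(event):
    """Return a list of findings for one process-creation event (dict)."""
    findings = []
    inv = parse_runfromprocess(event["CommandLine"])
    if inv:
        findings.append(f"RunFromProcess targets parent {inv['parent']} to start {inv['program']}")
    parent = basename(event["ParentImage"]).lower()
    child = basename(event["Image"]).lower()
    if parent == "winlogon.exe" and child not in EXPECTED_WINLOGON_CHILDREN:
        findings.append(f"unexpected child of winlogon.exe: {child} as {event['User']}")
    return findings

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"Image": r"C:\software\RunFromProcess.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "User": r"LAB\alice", "CommandLine": r"RunFromProcess.exe admin winlogon.exe c:\windows\regedit.exe"},
    {"Image": r"C:\Windows\regedit.exe", "ParentImage": r"C:\Windows\System32\winlogon.exe",
     "User": r"NT AUTHORITY\SYSTEM", "CommandLine": r"c:\windows\regedit.exe"},
    {"Image": r"C:\Windows\System32\userinit.exe", "ParentImage": r"C:\Windows\System32\winlogon.exe",
     "User": r"LAB\alice", "CommandLine": r"C:\Windows\system32\userinit.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

The second check does not depend on the tool's file name, so it still fires if the executable has been renamed.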


