[addtool] RunAsPasswd #1153
Description
[link]
https://github.com/Sq00ky/RunAsPasswd
[/link]
[tags]
windows, runas
[/tags]
[short_descr]
A RunAs.exe clone with the ability to specify the password as an argument.
[/short_descr]
[long_descr]
Overview
This is a simple "RunAs.exe" clone that has the ability to specify a -p || --password flag. There has been several instances where I have not been in a fully interactive command prompt and have needed to use the runas.exe command. Mimikatz's sekurlsa::pth command is great, but obfuscating Mimikatz is not! Sometimes I just need a simple solution. Why bring a sledge hammer when all you need is a normal hammer? So, that's why I built RunAsPasswd. One day I hope to implement a -h | --hash mechanism for passing a NTLM hash, though I need to do a bit more research on how to actually implement that first.
Technical Details
This clone utilizies the CreateProcessWithLogonW Windows API and supports LOGON_NETCREDENTIALS_ONLY and the default (which I believe is LOGON_WITH_PROFILE). You can control which is used by passing with -n || --netonly flag. If the flag is provided, it with run the program with LOGON_NETCREDENTIALS_ONLY, else, the default.
Help & Changes
The program is fairly similar to the runas.exe command on Windows, just with a few minor changes. Flags are now passed in a unix stlye vs the windows /arg style, so /user: is now -u or --username
[/long_descr]
[image]
[/image]
[image]
[/image]