This repository was archived by the owner on Mar 17, 2024. It is now read-only.

Feature: Ask To Elevate#430

Merged
MaxXor merged 10 commits into quasar:master from LostSoulfly:AskToEvelate
Mar 30, 2016

@LostSoulfly
Contributor

Essentially, tells the client to ShellExecute itself which opens up a UAC Consent window that the user can accept or decline. If accepted, the original client is stopped and the new client with Admin rights connects to the server.

This is the second C# thing I've worked on, so any tips or criticism is welcome.
This is the first pull request I've ever done. I'm still learning Git, too.

ProcessStartInfo proc = new ProcessStartInfo();
proc.UseShellExecute = true;
proc.WorkingDirectory = Environment.CurrentDirectory;
proc.FileName = Application.ExecutablePath;

Contributor

You can make the client open a new cmd as admin and pass the client path as an argument, and it will open the client again.
Edit, for example:
proc.Arguments = "/c ping 8.8.8.8";

Contributor Author

I'm not sure I follow you. I don't know of a way to do this without using an external program (Like psexec or Hstart). This method doesn't rely on anything external. It's the simplest and most efficient way I've found, unless you can show me a different example.

Contributor

Example from shell:

_prc = new Process
{
    StartInfo = new ProcessStartInfo("cmd")
    {
        UseShellExecute = false,
        CreateNoWindow = true,
        WorkingDirectory = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System)),
        Arguments = "/K"
    }
};
_prc.Start();

I think we can add the client path as an argument to open it again,
and you can add both methods.

Contributor Author

Having not tried your method yet, see: http://stackoverflow.com/questions/3596259/elevating-privileges-doesnt-work-with-useshellexecute-false

I don't believe you can elevate without UseShellExecute = true

What's the advantage of doing it the way you've shown? My way does exactly what you said: open the client again. I mean no offense, but it seems that your way is accomplishing the same thing but doing so in a more roundabout way while relying on cmd.exe.

Contributor

The example is just from the client's shell, but you can change it to true.
The point is that when using cmd the client will accept the elevation of a system process; I think it may be good with some antiviruses and the client would trust and elevate it.
[sorry for my English as it is not my first language]

Contributor Author

Ah, I think I understand what you mean. You're saying that if the end user
sees the elevation request from a Command Prompt that they'll be more
likely to allow it. I agree, it's subtle and would likely work well. Most
people would simply click through it without thinking.

I believe this project is trying to distance itself from the stigma
associated with malicious or shady intents -- my method is very obvious and
blatant as to what is requesting the elevation.

I will be communicating either by phone or email with the person who will
see the prompt, so I can tell them to allow it. (I plan to use this on many
computers that I manage in an Active Directory setting)

On Fri, Mar 18, 2016 at 3:37 PM, DragonzMaster notifications@github.com
wrote:

In Client/Core/Commands/SystemHandler.cs
#430 (comment):

@@ -438,6 +439,35 @@ public static void HandleDoProcessKill(Packets.ServerPackets.DoProcessKill comma
}
}

  •    public static void HandleAskElevate(Packets.ServerPackets.DoAskElevate command, Client client)
    
  •    {
    
  •        if (!(WindowsAccountHelper.GetAccountType() == "Admin"))
    
  •        {
    
  •            ProcessStartInfo proc = new ProcessStartInfo();
    
  •            proc.UseShellExecute = true;
    
  •            proc.WorkingDirectory = Environment.CurrentDirectory;
    
  •            proc.FileName = Application.ExecutablePath;
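
Review bot: The guard at the top of HandleAskElevate, `if (!(WindowsAccountHelper.GetAccountType() == "Admin"))`, negates an equality against a bare string literal; write it as `!=` against a shared constant so that a change to the account-type strings cannot silently make every request relaunch the client. The new method also has no doc comment: it should state that the handler raises a UAC consent prompt on the user's desktop and replaces the running client if the prompt is accepted. The excerpt stops at `proc.FileName`, so the rest of the handler cannot be checked from these lines.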
    

The example is just from the client's shell, but you can change it to true.
The point is that when using cmd the client will accept the elevation of
a system process; I think it may be good with some antiviruses and the client
would trust and elevate it.
[sorry for my English as it is not my first language]



Contributor

I think there is a misunderstanding; the client is already classified as malicious by some antivirus companies. I think you should also take permission and notify the user that his desktop (for example) is monitored.
Finally, good work. It is up to you; it was just a suggestion 😄
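
A defender-side view of the behaviour discussed in this thread, as an added example that is not part of the pull request or the project: it correlates process-creation records to flag an unelevated process whose own image reappears elevated, either directly or through an elevated cmd.exe. The records are constructed, the field names follow Sysmon Event ID 1 (ProcessGuid, ParentProcessGuid, Image, IntegrityLevel), and `find_self_elevation` is a hypothetical helper name.

```python
# Constructed process-creation records (Sysmon Event ID 1 field names).
# Paths and GUIDs are made up for this example.
EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "IntegrityLevel": "Medium",
     "Image": r"C:\Users\a\AppData\Roaming\client.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1", "IntegrityLevel": "High",
     "Image": r"C:\Users\a\AppData\Roaming\client.exe"},   # direct self-relaunch
    {"ProcessGuid": "g3", "ParentProcessGuid": "g0", "IntegrityLevel": "Medium",
     "Image": r"C:\Tools\tool.exe"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\cmd.exe"},             # elevated wrapper
    {"ProcessGuid": "g5", "ParentProcessGuid": "g4", "IntegrityLevel": "High",
     "Image": r"C:\Tools\tool.exe"},                       # relaunch via cmd.exe
    {"ProcessGuid": "g6", "ParentProcessGuid": "g0", "IntegrityLevel": "Medium",
     "Image": r"C:\Users\a\Downloads\setup.exe"},
    {"ProcessGuid": "g7", "ParentProcessGuid": "g6", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\msiexec.exe"},         # benign: different image
]

ELEVATED = {"High", "System"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_self_elevation(events):
    """Return (ProcessGuid, via) for elevated processes started by an
    unelevated copy of the same image, directly or through cmd.exe."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for ev in events:
        if ev["IntegrityLevel"] not in ELEVATED:
            continue
        origin, via = by_guid.get(ev["ParentProcessGuid"]), "direct"
        # Hop over an intermediate cmd.exe, unless cmd.exe is the image under test.
        if origin and basename(origin["Image"]) == "cmd.exe" and basename(ev["Image"]) != "cmd.exe":
            origin, via = by_guid.get(origin["ParentProcessGuid"]), "cmd.exe"
        if (origin and origin["Image"].lower() == ev["Image"].lower()
                and origin["IntegrityLevel"] not in ELEVATED):
            findings.append((ev["ProcessGuid"], via))
    return findings


if __name__ == "__main__":
    for guid, via in find_self_elevation(EVENTS):
        print(f"{guid}: self-elevation ({via})")
```

Records whose parent is missing from the input (here `g0`) are skipped rather than guessed at, so gaps in log collection yield missed findings, not false ones.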

@MaxXor MaxXor merged commit 9b0e1d8 into quasar:master Mar 30, 2016
@MaxXor
Contributor

MaxXor commented Mar 30, 2016

Thanks for the pull request!
