#1
Attn: Paul
Are you familiar with this program?
https://www.sordum.org/9416/powerrun...st-privileges/

-dan z-

--
Someone who thinks logically provides a nice contrast to the real world.
(Anonymous)
#2
Attn: Paul
slate_leeper wrote:
> Are you familiar with this program?
> https://www.sordum.org/9416/powerrun...st-privileges/
>
> -dan z-

I use psexec/psexec64 for SYSTEM account.

https://docs.microsoft.com/en-us/sys...wnloads/psexec

psexec -hsi cmd === 32 bit OS, opens SYSTEM cmd.exe window
psexec64 -hsi cmd === 64 bit OS, opens SYSTEM cmd.exe window

https://s9.postimg.cc/vwioz43f3/WIN10_delete_ENUM.gif

Then in the new command window, this is an example of a command that causes the OS to rediscover all hardware.

reg delete HKLM\SYSTEM\CurrentControlSet\Enum /f

You've seen this one before.

RunFromToken.exe trustedinstaller.exe 1 cmd

(Worked example of RunFromToken, deleting a file from Program Files)
http://al.howardknight.net/msgid.cgi...nt-email.me%3E

*******

Highest privileges is a relative thing. Everything in Windows now is the "IT two-step", requiring more than one operation to get what you want.

Paul
#3
Attn: Paul
On Sat, 25 Aug 2018 16:03:04 -0400, Paul wrote:
> slate_leeper wrote:
>> Are you familiar with this program?
>> https://www.sordum.org/9416/powerrun...st-privileges/
>>
>> -dan z-
>
> I use psexec/psexec64 for SYSTEM account.
>
> https://docs.microsoft.com/en-us/sys...wnloads/psexec
>
> psexec -hsi cmd === 32 bit OS, opens SYSTEM cmd.exe window
> psexec64 -hsi cmd === 64 bit OS, opens SYSTEM cmd.exe window
>
> https://s9.postimg.cc/vwioz43f3/WIN10_delete_ENUM.gif
>
> Then in the new command window, this is an example of a command that causes the OS to rediscover all hardware.
>
> reg delete HKLM\SYSTEM\CurrentControlSet\Enum /f
>
> You've seen this one before.
>
> RunFromToken.exe trustedinstaller.exe 1 cmd
>
> (Worked example of RunFromToken, deleting a file from Program Files)
> http://al.howardknight.net/msgid.cgi...nt-email.me%3E
>
> *******
>
> Highest privileges is a relative thing. Everything in Windows now is the "IT two-step", requiring more than one operation to get what you want.
>
> Paul

This program is supposed to get you to TrustedInstaller level. I couldn't get to it with the RunFromToken. ("Process ID not found. Are you sure the process is running?")

I am just wondering if you knew if this program is legitimate.

-dan -z

--
Someone who thinks logically provides a nice contrast to the real world.
(Anonymous)
#4
Attn: Paul
slate_leeper wrote:
> On Sat, 25 Aug 2018 16:03:04 -0400, Paul wrote:
>> slate_leeper wrote:
>>> Are you familiar with this program?
>>> https://www.sordum.org/9416/powerrun...st-privileges/
>>>
>>> -dan z-
>>
>> I use psexec/psexec64 for SYSTEM account.
>>
>> https://docs.microsoft.com/en-us/sys...wnloads/psexec
>>
>> psexec -hsi cmd === 32 bit OS, opens SYSTEM cmd.exe window
>> psexec64 -hsi cmd === 64 bit OS, opens SYSTEM cmd.exe window
>>
>> https://s9.postimg.cc/vwioz43f3/WIN10_delete_ENUM.gif
>>
>> Then in the new command window, this is an example of a command that causes the OS to rediscover all hardware.
>>
>> reg delete HKLM\SYSTEM\CurrentControlSet\Enum /f
>>
>> You've seen this one before.
>>
>> RunFromToken.exe trustedinstaller.exe 1 cmd
>>
>> (Worked example of RunFromToken, deleting a file from Program Files)
>> http://al.howardknight.net/msgid.cgi...nt-email.me%3E
>>
>> *******
>>
>> Highest privileges is a relative thing. Everything in Windows now is the "IT two-step", requiring more than one operation to get what you want.
>>
>> Paul
>
> This program is supposed to get you to TrustedInstaller level. I couldn't get to it with the RunFromToken. ("Process ID not found. Are you sure the process is running?")
>
> I am just wondering if you knew if this program is legitimate.
>
> -dan -z

To get RunFromToken to work, you have to manually start the WMI service, before executing the RunFromToken command. I suspect that's why it didn't work for you - missing step. I think that step was in my instructions.

The people who write programs like this, their experience level is high, and they can basically do anything they want to your machine. You run their program as administrator, and they copy the token from WMI so it can be used elsewhere. That involves a pretty high level of trust. And scanning the file with an AV, doesn't tell you all that much.

You can upload it to Virustotal.com and see what the result is.

Paul
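Added example, not part of any post in this thread: a PowerShell sketch of the pre-run checks that go with the trust question raised above, collecting the SHA-256, Authenticode signature state and download origin of a tool before it is ever run as administrator. The function name Get-ToolVettingReport is hypothetical, and cmd.exe is used only as a stand-in file that exists on every Windows install.

```powershell
# Added example: gather facts about a downloaded tool BEFORE running it elevated.
# Get-ToolVettingReport is a hypothetical helper name, not from the thread.
function Get-ToolVettingReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # SHA-256 of the exact bytes on disk; this is the value to look up on VirusTotal.
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # Authenticode state: Valid, NotSigned, HashMismatch, UnknownError, ...
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Mark of the Web: browsers record the download zone and source URL in the
    # Zone.Identifier alternate data stream (NTFS only; absent if never downloaded
    # through a browser or if the stream was stripped).
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
    $zone = ($motw | Where-Object { $_ -match '^ZoneId=' })  -replace '^ZoneId=', ''
    $url  = ($motw | Where-Object { $_ -match '^HostUrl=' }) -replace '^HostUrl=', ''

    [pscustomobject]@{
        File            = $file.FullName
        SizeBytes       = $file.Length
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        ZoneId          = if ($zone) { $zone } else { $null }   # 3 = Internet zone
        HostUrl         = if ($url)  { $url }  else { $null }
    }
}

# Stand-in input (assumption): a file present on any Windows system.
# Point -Path at the downloaded executable instead.
Get-ToolVettingReport -Path "$env:SystemRoot\System32\cmd.exe" | Format-List
```

An unsigned binary or a HostUrl that differs from the vendor's site does not prove anything by itself, but either one is a reason to stop before granting the program administrator rights.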