A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Paul:



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old February 1st 19, 04:04 PM posted to alt.comp.os.windows-10
slate_leeper[_2_]
external usenet poster
 
Posts: 63
Default Paul:

Are you familiar with this one?

https://winaero.com/comment.php?comment.news.1843


-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
Ads
  #2  
Old February 1st 19, 05:19 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Paul:

slate_leeper wrote:
Are you familiar with this one?

https://winaero.com/comment.php?comment.news.1843


-dan z-


Not that particular one.

How they work, is a particular service has to be running.
A "token" is transferred from the service before you
can "do stuff" as TrustedInstaller.

So this is not the usual impersonation mechanism, but
involves an additional step.

To go from Administrator to SYSTEM, I think that's
impersonation. Whereas Administrator to TrustedInstaller
also involves the transfer of the token from the service
that provides it. It's not really an account. There's
no TrustedInstaller Home directory. Neither is there
a TrustedInstaller password. If the service that
provides the token isn't set running first (which
is usually triggered by install activity such as
Setup.exe, some.msi, or maybe some Windows Update
activity), then you cannot copy the token and use it.

You can see in the messages, what privileges it asserts to do this.

In this example, I'm acquiring TrustedInstaller token
so I can delete something from Program Files. I'm working
in Command Prompt windows. I don't know if launching
Regedit that way works properly or not.

https://s22.postimg.cc/ktpilht29/ele..._installer.gif

psexec -hsi cmd

(make sure Windows Module Installer service is running now...)

RunFromToken.exe trustedinstaller.exe 1 cmd

cd /d C:\Program Files\7-Zip
del 7z.exe

The "RunasSystem.exe" and "RunasSystem_x64.exe" programs which came
out at the same time, is similar to the "psexec" from Sysinternals.com.

The RunFromToken concept, I don't think Sysinternals has an equivalent.

Paul


 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 01:08 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.