将runas作为子进程启动,并向stdin写密码? [英] Start runas as subprocess and write password to stdin?
问题描述
我正在尝试编写一个C#程序,该程序应该从Windows调用runas工具并自动输入密码.
我尝试过的事情:
I am trying to write a C# program that is supposed to call the runas tool from windows and input the password automatically.
What I tried:
Process runas = new Process();
runas.StartInfo.FileName = "runas";
runas.StartInfo.UseShellExecute = false;
runas.StartInfo.RedirectStandardInput = true;
runas.StartInfo.Arguments = "\"/user:domain\\username\" \"cmd.exe\"";
runas.Start();
StreamWriter stream = runas.StandardInput;
stream.WriteLine("our super secret password");
stream.Flush();
stream.Close();
runas.WaitForExit();
runas.Close();
发生了什么事:
我得到以下输出.
What happended:
I get the following output.
Please enter the password for "...":
Trying to execute cmd.exe as user "kfz\dummy"...
RUNAS-ERROR: cmd.exe could not be executed
1326: Authentication failed: unknown username or password.
(由我从德语窗口翻译而来)
是的,我仔细检查了密码和用户名.在命令行中手动输入所有内容都可以正常工作.
我实验过的东西
我也尝试重定向输出并从中读取,但没有成功.
我尝试了写入流的不同变体:
(translated by me from my german windows)
Yes, I quadrupel checked the password and username. Entering everything by hand in the command line works fine.
What I experimented with:
I tried redirecting the Output as well and reading from it, no success.
I tried different variants of writing to the stream:
stream.Write("our super secret password");
stream.Write("our super secret password\n");
stream.Write("our super secret password\r\n");
所有结果都具有相同的行为.
我注意到的东西:
Runas进程似乎不等我写流.
我在写之前添加了一个Sleep,我立即获得了上面的输出.
恐怕runas使用一些nonstd-input .....
研究结果:
尝试找出运行符使用的输入类型后,我没有成功.
我在此处找到了内置于Windows的替代方法,但是我不希望使用它虽然无法执行,但我可能会退一步.
好的,我发现有消息说微软故意阻止人们这样做.....
我讨厌有人这样做!如果我想使用不安全的东西,那么谁是微软公司可以阻止我这样做呢?
抱歉,我下了话题.
仍然有一个问题……我们还能以某种方式解决它吗?我们可以破解符文吗? ;)
All results in the same behaviour.
What I noticed:
The runas process seems not to wait for me to write to the stream.
I added a Sleep before writing and I immediately got the above output.
I am afraid runas uses some nonstd-input.....
Research result:
Upon trying to find out what kind of input runas uses I was not successfull.
I found an alternative to the windows builtin runas here however I would prefer not to use it although I might fall back to it if it is impossible to do.
Ok I found sources that say microsoft deliberately prevented people from doing that.....
I hate it when someone does that! If I WANT to use something that is not secure then who is microsoft to keep me from that!
Sorry I got off topic.
One question remains... Can we still get around it somehow? Can we hack runas? ;)
推荐答案
您不应该执行此操作的全部原因是因为那里有一个API .
The whole reason why you're not supposed to do that is because there's an API for that.
无需使用runas
.
ProcessStartInfo
可让您直接指定UserName
和Password
.
例如:
var psi = new ProcessStartInfo();
psi.Domain = "YourDomain";
psi.UserName = "YourUserName";
psi.Password = securePassword;
psi.FileName = "cmd.exe";
Process.Start(psi);
这篇关于将runas作为子进程启动,并向stdin写密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!