NSudo | A Powerful System Administration Tool

Discussion in 'MDL Projects and Applications' started by Mouri_Naruto, Feb 6, 2015.

These are things you may see in a future version of NSudo. What do you think about them?

Poll closed Sep 13, 2019.
  1. Publish to Chocolatey? (Suggested by wwtex.)
     8 vote(s), 66.7%
  2. Publish to scoop? (Suggested by wwtex.)
     1 vote(s), 8.3%
  3. Publish to Windows Store? (Desktop Bridge.)
     3 vote(s), 25.0%
  4. Add NSudo Configuration Editor?
     9 vote(s), 75.0%
  5. Using Qt to implement the UI? (It may increase the binary size of NSudo.)
     3 vote(s), 25.0%
  6. Compile NSudo with CMake?
     3 vote(s), 25.0%
  7. Yes
     0 vote(s), 0.0%
  8. No
     0 vote(s), 0.0%
Multiple votes are allowed.
  1. Mouri_Naruto

    Mouri_Naruto MDL Senior Member

    Jul 10, 2014
    318
    1,084
    10
  2. BAU

    BAU MDL Senior Member

    Feb 10, 2009
    412
    689
    10
  3. BAU

    #424 BAU, Oct 6, 2019
    Last edited: Oct 6, 2019
    For me there are no buts - I can enter regedit at the demo prompt and modify TrustedInstaller-only keys just fine - I would not be surprised though if it's one of those things ;)

    Edit2:
    This was quick... as it was one of those things... and guess I've proved you wrong :)
    Fix for naked Windows 7 with PowerShell 2.0 (-ea does not support the short form 'sil' instead of 'SilentlyContinue' - it was not even needed for the published build as the window is hidden)
     
  4. Thomas Dubreuil

    Thomas Dubreuil MDL Senior Member

    Aug 29, 2017
    299
    498
    10
    #425 Thomas Dubreuil, Oct 6, 2019
    Last edited: Oct 6, 2019
  5. BAU

    #427 BAU, Oct 6, 2019
    Last edited: Oct 10, 2019
    This version can be run from right-click - Send to menu.
    Will also update the 1st showcase of self-elevation to accept any cmd with parameters
    You should update or remove the code in your quoted message so as not to generate confusion, tx
     
  6. Mouri_Naruto

    Yes, you are right. It looks simpler. Thank you for introducing a new way to me. :)

    But NSudo can't use that directly because some of NSudo's features need to modify the attributes of the access token, such as creating a process with all access token privileges enabled at the beginning. (What a pity!)

    Kenji Mouri
     
  7. BAU

    #429 BAU, Oct 7, 2019
    Last edited: Oct 10, 2019
    Once you have SYSTEM, does it really matter?
     
  8. Mouri_Naruto

    #430 Mouri_Naruto, Oct 7, 2019
    Last edited: Oct 7, 2019
    (OP)
    I still need to care about it.

    Because some features in NSudo need CreateProcessAsUserW. (For example, running an app with the current session user token. I need to use WTSQueryUserToken to ensure we get the token correctly. And it needs SYSTEM access token impersonation.) If I use the way you introduced, I need to create a process to do that or keep the old implementations; it makes NSudo more complex.

    I'm afraid that we need many adjustments to use the new way better, because some Windows behaviors are associated with the parent process. For example, there are no scroll bars with the new way.
    [Attachment: 批注 2019-10-07 161040.png]

    Also, for most of us, the privileges in the Administrators group are enough. I can do things like most people who use TrustedInstaller do with only an elevated Administrators group token, such as modifying Windows system files and the registry. You only need to enable the SeBackupPrivilege and SeRestorePrivilege. (You can try it with 7-Zip File Manager: use NSudo to open it with the Current Process mode and select the Enable all privileges checkbox.) I think I will provide the way to use the elevated Administrators group token better in NSudoSDK. (Some Windows APIs need to be hooked to adapt to that.)

    I think we should follow the principle of least privilege.

    Kenji Mouri
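
Added example, not part of the thread or of NSudo: the post above turns on the difference between a privilege being present in a token and being enabled. The PowerShell below (3.0 or later) classifies a listing in the `whoami /priv /fo csv /nh` format; the sample rows are constructed, English state strings are assumed, and `Get-PrivilegeReport` is a hypothetical helper name.

```powershell
# Constructed sample rows in the format of `whoami /priv /fo csv /nh`
# (English state strings assumed; not output captured from a real host).
$sample = @(
    '"SeBackupPrivilege","Back up files and directories","Disabled"',
    '"SeRestorePrivilege","Restore files and directories","Disabled"',
    '"SeShutdownPrivilege","Shut down the system","Disabled"',
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)

# The two privileges named in the post: when enabled, they let a process
# read (backup) or write (restore) files and registry keys regardless of ACLs.
$AclBypass = 'SeBackupPrivilege', 'SeRestorePrivilege'

# Hypothetical helper: turn CSV rows into objects that separate
# "held by the token" from "currently enabled".
function Get-PrivilegeReport {
    param([string[]]$CsvLines)
    $CsvLines |
        ConvertFrom-Csv -Header Name, Description, State |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.Name
                Enabled   = ($_.State -eq 'Enabled')
                AclBypass = ($AclBypass -contains $_.Name)
            }
        }
}

$report = Get-PrivilegeReport -CsvLines $sample
$report | Format-Table -AutoSize

# Least-privilege check: report only the ACL-bypass privileges that are
# actually switched on, not the ones merely present in the token.
$active = @($report | Where-Object { $_.AclBypass -and $_.Enabled })
if ($active.Count -gt 0) {
    Write-Warning ("ACL-bypass privileges enabled: " + ($active.Name -join ', '))
} else {
    'No ACL-bypass privilege is enabled in this listing.'
}

# To inspect the live token instead of the sample:
#   Get-PrivilegeReport -CsvLines (whoami /priv /fo csv /nh)
```

With the sample rows, both privileges are held but disabled, so the check reports nothing enabled; a process started with all privileges enabled would show them as `Enabled`.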
     
  9. Mouri_Naruto

    [Attachment: upload_2019-10-7_17-15-37.png]

    Run As SYSTEM improvement in NSudo.
     
  10. BAU

    That can be solved by presetting cmd profile or simply adjusting $host.ui.rawui.buffersize - and that's probably the only improvement I'm willing to add :)
    Yeah, that's what I had in mind for the snippet by design - a simple portable alternative to help get some Windows administrative tasks done without making a mess with taking ownership of files and registry keys. Anybody needing a more powerful pwning tool should keep using NSudo as usual.
     
  11. Mouri_Naruto

    Yes, so I think that you can learn from #432. (Get the token from lsass.exe, so you can get a full SYSTEM access token.)

    I have tested it on NSudo via NSudo's way.

    Windows Vista Service Pack 2 x64 - Success
    Windows 10 LTSC 2018 x64 - Success
    Windows 10 Version 1909 (18362.10022) - Success
     
  12. BAU

  13. BAU

  14. Mouri_Naruto

    #438 Mouri_Naruto, Oct 11, 2019
    Last edited: Oct 11, 2019
    (OP)
  15. Mouri_Naruto

    #439 Mouri_Naruto, Oct 14, 2019
    Last edited: Oct 17, 2019 at 04:38
    (OP)