NSudo | Series of System Administration Tools | General Thread

Discussion in 'MDL Projects and Applications' started by Mouri_Naruto, Feb 6, 2015.

Poll (closed Sep 13, 2019): These things you may see in a future version of NSudo. What do you think about them?

  1. Publish to Chocolatey? (Suggested by wwtex.) - 8 vote(s), 66.7%
  2. Publish to scoop? (Suggested by wwtex.) - 1 vote(s), 8.3%
  3. Publish to Windows Store? (Desktop Bridge.) - 3 vote(s), 25.0%
  4. Add NSudo Configuration Editor? - 9 vote(s), 75.0%
  5. Using Qt to implement the UI? (It may increase the binary size of NSudo.) - 3 vote(s), 25.0%
  6. Compile NSudo with CMake? - 3 vote(s), 25.0%
  7. Yes - 0 vote(s), 0.0%
  8. No - 0 vote(s), 0.0%

Multiple votes are allowed.
  1. Mouri_Naruto (MDL Developer)
  2. BAU (MDL Addicted)
    #422 BAU, Oct 6, 2019 (Last edited: Oct 6, 2019)
    For me there are no buts - I can enter regedit at the demo prompt and modify TrustedInstaller-only keys just fine - I would not be surprised though if it's one of those things ;)

    Edit2:
    This was quick.. as it was one of those things.. and I guess I've proved you wrong :)
    Fix for naked Windows 7 with PowerShell 2.0 (-ea does not support the short form 'sil' instead of 'SilentlyContinue' - it was not even needed for the published build as the window is hidden)
     
  3. Thomas Dubreuil (MDL Senior Member)
    #423 Thomas Dubreuil, Oct 6, 2019 (Last edited: Oct 6, 2019)
  4. BAU (MDL Addicted)
    #425 BAU, Oct 6, 2019 (Last edited: Oct 10, 2019)
    This version can be run from the right-click Send to menu.
    I will also update the 1st showcase of self-elevation to accept any cmd with parameters.
    You should update or remove the code in your quoted message so as not to generate confusion, tx
     
  5. Mouri_Naruto (MDL Developer)
    Yes, you are right. It looks simpler. Thank you for introducing a new way to me. :)

    But NSudo can't use that directly because some NSudo features need to modify the attributes of the access token, such as creating a process with all access token privileges enabled from the beginning. (What a pity!)

    Kenji Mouri
     
  6. BAU (MDL Addicted)
    #427 BAU, Oct 7, 2019 (Last edited: Oct 10, 2019)
    Once you have SYSTEM, does it really matter?
     
  7. Mouri_Naruto (MDL Developer)
    #428 Mouri_Naruto, Oct 7, 2019 (Last edited: Oct 7, 2019) (OP)
    I still need to care about it.

    Because some features in NSudo need CreateProcessAsUserW. (For example, running an app with the current session user token. I need to use WTSQueryUserToken to make sure we get the token correctly, and it needs SYSTEM access token impersonation.) If I use the way you introduced, I need to create a process to do that or keep the old implementation, which makes NSudo more complex.

    I'm afraid that we need many adjustments to use the new way better, because some Windows behaviors are associated with the parent process. For example, there are no scroll bars with the new way.
    [attached screenshot: 批注 2019-10-07 161040.png]

    Also, for most of us, the privileges in the Administrators group are enough. I can do the things most people who use TrustedInstaller do with only an elevated Administrators group token, such as modifying Windows system files and the registry. You only need to enable SeBackupPrivilege and SeRestorePrivilege. (You can try it with 7-Zip File Manager: use NSudo to open it in Current Process mode and select the Enable all privileges checkbox.) I think I will provide a better way to use the elevated Administrators group token in NSudoSDK. (Some Windows APIs need to be hooked to adapt to that.)

    I think we should follow the principle of least privilege.

    Kenji Mouri
     
  8. Mouri_Naruto (MDL Developer)
    [attached screenshot: upload_2019-10-7_17-15-37.png]

    Run As SYSTEM improvement in NSudo.
     
  9. BAU (MDL Addicted)
    That can be solved by presetting the cmd profile or simply adjusting $host.ui.rawui.buffersize - and that's probably the only improvement I'm willing to add :)
    Yeah, that's what I had in mind for the snippet by design - a simple portable alternative to help get some Windows administrative tasks done without making a mess by taking ownership of files and registry keys. Anybody needing a more powerful pwning tool should keep using NSudo as usual.
     
  10. Mouri_Naruto (MDL Developer)
    Yes, so I think you can learn from #432. (Get the token from lsass.exe, so you can get a full SYSTEM access token.)

    I have tested it in NSudo via NSudo's way.

    Windows Vista Service Pack 2 x64 - Success
    Windows 10 LTSC 2018 x64 - Success
    Windows 10 Version 1909 (18362.10022) - Success
     
  11. BAU (MDL Addicted)
  12. BAU (MDL Addicted)
  13. Mouri_Naruto (MDL Developer)
    #436 Mouri_Naruto, Oct 11, 2019 (Last edited: Oct 11, 2019) (OP)
  14. Mouri_Naruto (MDL Developer)
  15. Artemus2013 (MDL Novice)
    Been frustrated that I could not get NSudo to run any program located in
    C:\Program Files
    C:\Program Files (x86)

    from its initialization file (NSudo.json), yet it ran programs in the C:\Windows directory, or a sub-directory thereof, just fine.
    As already discovered by others, NSudo fails when a directory or filename has a space in it.
    And it is reliable only when 2 backslashes are used in directory paths.
    The only way to pass an argument successfully to NSudo is to use DOS 8.3 names.

    So I found what works for me. I use PowerDesk file manager; its executable path is:
    "C:\Program Files (x86)\Avanquest\PowerDesk\PDExplo.exe"

    Next, below, I have pasted 2 sample NSudo.json files. Each has a slightly different naming, and both work.

    Code:
        {
            "ShortCutList_V2": {
                "PowerDesk": "C:\\PROGRA~2\\Avanquest\\PowerDesk\\PDExplo.exe",
                "PowerShell": "powershell",
                "PowerShell ISE": "powershell_ise",
                "Hosts编辑": "notepad %windir%\\System32\\Drivers\\etc\\hosts"
            }
        }

    Code:
        {
            "ShortCutList_V2": {
                "PowerDesk": "C:\\PROGRA~2\\AVANQU~1\\POWERD~2\\PDExplo.exe",
                "PowerShell": "powershell",
                "PowerShell ISE": "powershell_ise",
                "Hosts编辑": "notepad %windir%\\System32\\Drivers\\etc\\hosts"
            }
        }

    You can get the DOS 8.3 file name and path by navigating in a CMD window to the directory where your program is located and typing:

    for %I in (.) do echo %~sI

    If you need just the short names of the current directory, all you have to type is:

    DIR /X.

    Thanks to Thomas Dubreuil
    https://forums.mydigitallife.net/th...-administration-tool.59268/page-14#post-14696
    for his sample file. That's what helped me get this figured out.
     
  16. abbodi1406 (MDL KB0000001)
    @Artemus2013

    One of the 2 backslashes is an escape character.
    It can be used similarly for spaces and quotes.

    Code:
        "Notepad3": "\"C:\\Program Files\\Notepad3\\Notepad3.exe\"",
     
  17. Artemus2013 (MDL Novice)
    Thanks. Just tried:
    "NFOPad": "\"C:\\Program Files (x86)\\NFOPad\\NFOPad.exe\"",

    ...and it works.
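As an added example (not NSudo's own code; the Notepad3 and NFOPad entries are constructed from the posts above), this Python script shows the two escaping layers in a ShortCutList_V2 value: the JSON layer doubles every backslash and escapes the quotes as \", and those quotes keep a path containing spaces together as one argument when the command line is split later. The split function is a simplified model of Windows argument parsing, an assumption here and not NSudo's parser.

```python
import json

# Constructed sample in the NSudo.json layout shown in the thread (not NSudo's own file).
# Every real backslash is doubled for JSON, and the path with spaces carries literal
# quotes, each escaped as \" so the JSON string itself does not end early.
SAMPLE_CONFIG = r'''{
    "ShortCutList_V2": {
        "PowerDesk": "C:\\PROGRA~2\\Avanquest\\PowerDesk\\PDExplo.exe",
        "Notepad3": "\"C:\\Program Files\\Notepad3\\Notepad3.exe\"",
        "Hosts": "notepad %windir%\\System32\\Drivers\\etc\\hosts"
    }
}'''


def is_valid_json(text):
    """True if the text parses; a single backslash before a letter (\\P) is an invalid escape."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def shortcut_entry(name, exe_path, args=""):
    """Build one (name, command line) pair; a path containing spaces is wrapped in quotes."""
    program = f'"{exe_path}"' if " " in exe_path else exe_path
    return name, f"{program} {args}".strip()


def build_config(entries):
    """Serialize entries the way NSudo.json stores them; json.dumps doubles the
    backslashes and escapes the embedded quotes."""
    return json.dumps({"ShortCutList_V2": dict(entries)}, indent=4, ensure_ascii=False)


def parse_config(text):
    """Decode the file back into plain command-line strings (single backslashes, real quotes)."""
    return json.loads(text)["ShortCutList_V2"]


def split_command(command_line):
    """Simplified model of Windows argument splitting (an assumption, not NSudo's parser):
    a leading quoted segment is the program path; otherwise the path ends at the first space."""
    if command_line.startswith('"'):
        end = command_line.index('"', 1)
        return command_line[1:end], command_line[end + 1:].strip()
    program, _, rest = command_line.partition(" ")
    return program, rest
```

Running split_command on an unquoted "C:\Program Files (x86)\..." path returns "C:\Program" as the program, which is the failure the posts describe; the quoted form returns the whole path.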