Run application as system with interactive system process support (active Windows session)
This technique doesn't rely on any external tools and doesn't require a Microsoft service.
It spawns an NT AUTHORITY\SYSTEM process using the Microsoft Windows Task Scheduler, then upgrades it to an interactive SYSTEM process using Windows API calls (runs in the active Windows session).
PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.
⚠️ Notice: this version is slower than WinBruteLogon but has the serious advantage of being 100% coded in PowerShell. In the near future, password attempts will be distributed across separate threads to speed up the process. Also keep in mind that this method is very noisy: each failed attempt will be logged in the Microsoft Windows Event Log.
You might find useful information about the technique used in this PoC here.
You can find another variant of this program which doesn't require networking functions and is also compatible with any application like Netcat, Telnet, etc. here: [RunAsAttached](https://www.phrozen.io/paper/infosec-tools/runasattached)
The RunAsAttached (Local) version is more stable.
The goal of the Networked version was to demonstrate inter-process communication using socket programming.
RunAsAttached (Networked) - 32bit / 64bit
RunAsAttached is a program to run a console as another user and keep the new console attached to the caller console. Supports reverse shell mode (e.g. Netcat).
RunAs Attached (Local) - 32bit / 64bit
Create a new application process as another Microsoft Windows user and attach its inputs / outputs (stdin, stdout, stderr) to the caller console.
The new process is interactively attached to the caller console.
RunAsAttached.exe -u -p [-d ]
Available in the download section.
RunAs (Microsoft Windows) - 32bit / 64bit.
This program is an example of how to easily run any program as any user.
-u <username>: Launch the program as the given username.
-p <password>: Password associated with the username account.
-e <program>: Executable path (e.g. notepad.exe).