Run application as system with interactive system process support (active Windows session)
This technique doesn't rely on any external tools and doesn't require a Microsoft Service.
It spawns an NT Authority/System process using the Microsoft Windows Task Scheduler, then upgrades it to an interactive System process (running in the active Windows session) using some cool WinAPI calls.
PowerRunAsAttached is a port of RunAsAttachedLocal to PowerShell with inline C#.
This script spawns a new interactive console as another user account inside the calling console (same console instance/window).
For example, this tool makes it easy to perform vertical / horizontal privilege escalation through an already established Netcat / WinRM session.
You can find another variant of this program, which doesn't require networking functions and is also compatible with any application such as Netcat, Telnet, etc., here: [RunAsAttached](https://www.phrozen.io/paper/infosec-tools/runasattached)
The RunAsAttached (Local) version is more stable.
The goal of the Networked version was to demonstrate inter-process communication using socket programming.
RunAsAttached (Networked) - 32bit / 64bit
RunAsAttached is a program that runs a console as another user and keeps the new console attached to the caller's console. It supports reverse shell mode (e.g. Netcat).
RunAsAttached (Local) - 32bit / 64bit
Create a new application process as another Microsoft Windows user and attach its inputs / outputs (stdin, stdout, stderr) to the caller's console.
The new process is interactively attached to the caller's console.
RunAsAttached.exe -u -p [-d ]
Available in the download section.