Problem with process privilege escalation

• Question

string file = "C:\test.bat";
ProcessStartInfo psi = new ProcessStartInfo();
psi.Domain = "KRISTIJANK";
psi.UserName = "John"; //John is admin
psi.Password = sec_pass;   //created in Form_Load
psi.WorkingDirectory = @"C:\Windows\System32";
psi.FileName = @"cmd.exe";
psi.Arguments = @"/C del " + file;
psi.UseShellExecute = false;
Process.Start(psi);

Idk why this code is not working...
The CMD window appears and disappears.
Maybe the process isn't started as admin? :/
Sunday, September 6, 2015 6:27 AM

Answers

• Hi KKristijan,

I would suggest you put the following file on the D: disk. Most people use C: for the operating system and D: for data storage, but the letters are totally arbitrary.

string file = "C:\test.bat";

I've tested this code on my side. It works fine without the username and password.

string file = @"D:\text.txt";
ProcessStartInfo psi = new ProcessStartInfo();
psi.WorkingDirectory = @"C:\Windows\System32";
psi.FileName = @"cmd.exe";
psi.Arguments = @"/C del " + file;
psi.UseShellExecute = false;
Process.Start(psi);
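
Moreover, this starts a process using the "runas" verb, which makes the shell try to execute it in elevated privilege mode. But we actually need the shell to be involved in this in the first place, hence the UseShellExecute = true value.

System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
startInfo.WorkingDirectory = @"C:\Windows\System32";
startInfo.FileName = "cmd.exe";
startInfo.Arguments = @"/C del " + file;   // same command as in the snippet above
startInfo.Verb = "runas";                  // ask the shell to launch the process elevated
startInfo.UseShellExecute = true;          // Verb is only honored when the shell starts the process
System.Diagnostics.Process.Start(startInfo);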

Best regards,

Kristin

Monday, September 7, 2015 2:28 AM
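
An added example, not code from either post: when the CMD window appears and disappears, whatever cmd.exe reported is lost, so this sketch runs the same del command with stderr captured, and also shows that "C:\test.bat" without the @ prefix contains a TAB character. The class name, method name and the scratch file in the temp directory are assumptions made for the example; it runs as the current user, without the UserName/Password settings from the question.

```csharp
using System;
using System.Diagnostics;
using System.IO;

static class DelDiagnostics   // hypothetical name, added example
{
    // Runs "cmd.exe /C del <path>" without a console window and returns what
    // cmd wrote to stderr, so the failure reason survives the process exit.
    static string RunDel(string path, out int exitCode)
    {
        var psi = new ProcessStartInfo
        {
            FileName = Path.Combine(Environment.SystemDirectory, "cmd.exe"),
            Arguments = "/C del \"" + path + "\"",   // quoted so spaces in the path survive
            WorkingDirectory = Environment.SystemDirectory,
            UseShellExecute = false,                 // required for stream redirection
            RedirectStandardError = true,
            CreateNoWindow = true
        };
        using (Process p = Process.Start(psi))
        {
            string err = p.StandardError.ReadToEnd(); // drain the pipe before waiting
            p.WaitForExit();
            exitCode = p.ExitCode;
            return err.Trim();
        }
    }

    static void Main()
    {
        // Without '@', "\t" is a TAB, so this string is not the path C:\test.bat.
        string unescaped = "C:\test.bat";
        string verbatim = @"C:\test.bat";
        Console.WriteLine("contains TAB: {0}", unescaped.IndexOf('\t') >= 0);
        Console.WriteLine("same string:  {0}", unescaped == verbatim);

        // Constructed sample: a scratch file in the temp directory.
        string sample = Path.Combine(Path.GetTempPath(), "del-diagnostics-sample.txt");
        File.WriteAllText(sample, "constructed sample");

        int code;
        string err = RunDel(sample, out code);
        Console.WriteLine("first del:  exit={0} stderr='{1}' exists={2}", code, err, File.Exists(sample));

        // The file is gone now; anything cmd reports about that arrives on stderr.
        err = RunDel(sample, out code);
        Console.WriteLine("second del: exit={0} stderr='{1}'", code, err);
    }
}
```

Check the captured stderr text and File.Exists rather than the exit code alone when deciding whether the delete succeeded.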