Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

WMI - Executing external Programs

Posted on 2006-11-01
3
Medium Priority
?
2,401 Views
Last Modified: 2012-05-05
hello, im using this function to execute external program, running as windows Administrator user
It runs successfuly using administrator user, I checked using Task Manager. But it runs hidden. The window is not shown

help!



        public string RunWMI(string domain, string userID, string pwd, string appString, string argString)
        {
            string rc = "";
            ConnectionOptions options = new ConnectionOptions();
            string serverName = System.Net.Dns.GetHostName();
            // because we are impersonating and running against the local machine
            // we do not validate
            //options.Username = domain + @"\" + userID;
            //options.Password = pwd;
            //Create a scope to work in
            ManagementScope WmiScope = new ManagementScope(@"\\" + serverName, options);
            WmiScope.Connect();
            ManagementClass processClass = new ManagementClass("Win32_Process");
            processClass.Scope = WmiScope;
            ManagementClass startup;
            startup = new ManagementClass("WIN32_ProcessStartup");
            startup.Scope = WmiScope;
            startup["ShowWindow"] = 3;
            startup["X"] = 10;
            startup["Y"] = 10;
            //Get an input parameters object for this method
            ManagementBaseObject inParams = processClass.GetMethodParameters("Create");
            //Fill in input parameter values
            inParams["CommandLine"] = appString + " " + argString; //' Or whatever application you want
            inParams["ProcessStartupInformation"] = startup;
            //Note: The return code of the method is provided in the "returnValue" property of the outParams object
            ManagementBaseObject outParams = processClass.InvokeMethod("Create",inParams, null);
            return rc;
        }
0
Comment
Question by:dynamicrevolutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
plq earned 2000 total points
ID: 17856281
It will. You are launching under the SYSTEM account, which cannot interact with the desktop. It will always be a hidden process.

I don't see a way around that other than launching another EXE from your command line program.

WMI on your box >> Launches EXE1 on xyz Box which launches EXE2 on xyz box with different credentials and interact with desktop. Have a look at System.Diagnostics.Process.Start(sExe)

You could use the NT AT command to launch it instead, but thats very goofy compared to wmi

Or you could use the techniques used by sysinternals psexec to launch a process on another machine via services - again, very goofy and high impact

thanks
0
 
LVL 5

Author Comment

by:dynamicrevolutions
ID: 17856329
I tried launcing the service using SYSTEM account + Interact with desktop. its hidden
I also tried using Administrator account, and impersonating as Administrator to execute that process, even though that external process is runned under Administrator account, it is still hidden.

combination of WMI (Impersonation+Executing) + Psexec does the trick. thanks  a lot !
(I suspect WMI is not necessary, because of having psexec now)
0
 
LVL 8

Expert Comment

by:plq
ID: 17856353
OK. But be aware that psexec puts a service on the target machine which could be a vulnerability since it opens up another way to launch malware on a remote box
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Ivo
C# And Nullable Types Since 2.0 C# has Nullable(T) Generic Structure. The idea behind is to allow value type objects to have null values just like reference types have. This concerns scenarios where not all data sources have values (like a databa…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question