Solved

WMI - Executing external Programs

Posted on 2006-11-01
Last Modified: 2012-05-05
Hello, I'm using this function to execute an external program, running as the Windows Administrator user.
It runs successfully using the administrator user; I checked using Task Manager. But it runs hidden. The window is not shown.

Help!



        // Requires a reference to System.Management.dll and "using System.Management;"
        public string RunWMI(string domain, string userID, string pwd, string appString, string argString)
        {
            string rc = "";
            ConnectionOptions options = new ConnectionOptions();
            string serverName = System.Net.Dns.GetHostName();
            // Because we are impersonating and running against the local machine,
            // we do not validate
            //options.Username = domain + @"\" + userID;
            //options.Password = pwd;
            // Create a scope to work in
            ManagementScope WmiScope = new ManagementScope(@"\\" + serverName, options);
            WmiScope.Connect();
            ManagementClass processClass = new ManagementClass("Win32_Process");
            processClass.Scope = WmiScope;
            ManagementClass startup;
            startup = new ManagementClass("WIN32_ProcessStartup");
            startup.Scope = WmiScope;
            startup["ShowWindow"] = 3;
            startup["X"] = 10;
            startup["Y"] = 10;
            // Get an input parameters object for this method
            ManagementBaseObject inParams = processClass.GetMethodParameters("Create");
            // Fill in input parameter values
            inParams["CommandLine"] = appString + " " + argString; // Or whatever application you want
            inParams["ProcessStartupInformation"] = startup;
            // Note: the return code of the method is provided in the "returnValue" property of the outParams object
            ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null);
            // Hand the WMI return code back to the caller instead of an empty string (0 = success)
            rc = outParams["returnValue"].ToString();
            return rc;
        }
Question by:dynamicrevolutions
LVL 8

Accepted Solution

by:
plq earned 500 total points
ID: 17856281
It will. You are launching under the SYSTEM account, which cannot interact with the desktop. It will always be a hidden process.

I don't see a way around that other than launching another EXE from your command line program.

WMI on your box >> Launches EXE1 on xyz Box which launches EXE2 on xyz box with different credentials and interact with desktop. Have a look at System.Diagnostics.Process.Start(sExe)

You could use the NT AT command to launch it instead, but that's very goofy compared to WMI.

Or you could use the techniques used by Sysinternals PsExec to launch a process on another machine via services - again, very goofy and high impact.

thanks
LVL 5

Author Comment

by:dynamicrevolutions
ID: 17856329
I tried launching the service using SYSTEM account + Interact with desktop. It's hidden.
I also tried using the Administrator account, and impersonating as Administrator to execute that process. Even though that external process is run under the Administrator account, it is still hidden.

A combination of WMI (Impersonation+Executing) + PsExec does the trick. Thanks a lot!
(I suspect WMI is not necessary, because of having PsExec now.)
LVL 8

Expert Comment

by:plq
ID: 17856353
OK. But be aware that PsExec puts a service on the target machine, which could be a vulnerability since it opens up another way to launch malware on a remote box.
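
One way to audit a machine for the service mentioned in the comment above, as an added example that is not part of the thread: it lists any service registered under PsExec's default name and any service-install records that mention it. It assumes the default service name `PSEXESVC` and a Windows version that logs service installs as event ID 7045 in the System log; the class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Management; // reference System.Management.dll

// Added example; the class and method names are illustrative.
static class PsExecServiceAudit
{
    // Default PsExec service name. A renamed service will not match.
    const string ServiceName = "PSEXESVC";

    // Services currently registered under the default name.
    public static List<string> InstalledServices()
    {
        var hits = new List<string>();
        string wql = "SELECT Name, State, StartName, PathName FROM Win32_Service " +
                     "WHERE Name = '" + ServiceName + "'";
        using (var searcher = new ManagementObjectSearcher(@"\\.\root\cimv2", wql))
            foreach (ManagementObject svc in searcher.Get())
                hits.Add(string.Format("{0} state={1} account={2} path={3}",
                    svc["Name"], svc["State"], svc["StartName"], svc["PathName"]));
        return hits;
    }

    // Service-install records (event ID 7045) that mention the service.
    public static List<string> InstallEvents()
    {
        var hits = new List<string>();
        var query = new EventLogQuery("System", PathType.LogName,
            "*[System[Provider[@Name='Service Control Manager'] and (EventID=7045)]]");
        using (var reader = new EventLogReader(query))
            for (EventRecord e = reader.ReadEvent(); e != null; e = reader.ReadEvent())
                using (e)
                {
                    if (e.Properties.Count < 2) continue;
                    string name = Convert.ToString(e.Properties[0].Value);   // ServiceName
                    string image = Convert.ToString(e.Properties[1].Value);  // ImagePath
                    if ((name + " " + image).IndexOf(ServiceName, StringComparison.OrdinalIgnoreCase) >= 0)
                        hits.Add(string.Format("{0:u} service={1} image={2}", e.TimeCreated, name, image));
                }
        return hits;
    }

    static void Main()
    {
        foreach (string s in InstalledServices()) Console.WriteLine("present: " + s);
        foreach (string s in InstallEvents()) Console.WriteLine("installed: " + s);
    }
}
```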