Start runas as subprocess and write password to stdin?

Ch33f picture Ch33f · Sep 4, 2014 · Viewed 7.5k times · Source

I am trying to write a C# program that is supposed to call the runas tool from windows and input the password automatically.

What I tried:

Process runas = new Process();

runas.StartInfo.FileName = "runas";
runas.StartInfo.UseShellExecute = false;
runas.StartInfo.RedirectStandardInput = true;
runas.StartInfo.Arguments = "\"/user:domain\\username\" \"cmd.exe\"";

runas.Start();

StreamWriter stream = runas.StandardInput;
stream.WriteLine("our super secret password");
stream.Flush();

stream.Close();

runas.WaitForExit();
runas.Close();


What happended:
I get the following output.

Please enter the password for "...":
Trying to execute cmd.exe as user "kfz\dummy"...
RUNAS-ERROR: cmd.exe could not be executed
1326: Authentication failed: unknown username or password.

(translated by me from my german windows)

Yes, I quadrupel checked the password and username. Entering everything by hand in the command line works fine.

What I experimented with:
I tried redirecting the Output as well and reading from it, no success.
I tried different variants of writing to the stream:

stream.Write("our super secret password");
stream.Write("our super secret password\n");
stream.Write("our super secret password\r\n");

All results in the same behaviour.


What I noticed:
The runas process seems not to wait for me to write to the stream.
I added a Sleep before writing and I immediately got the above output.

I am afraid runas uses some nonstd-input.....

Research result:
Upon trying to find out what kind of input runas uses I was not successfull.
I found an alternative to the windows builtin runas here however I would prefer not to use it although I might fall back to it if it is impossible to do.
EDIT:
Ok I found sources that say microsoft deliberately prevented people from doing that.....
I hate it when someone does that! If I WANT to use something that is not secure then who is microsoft to keep me from that!
Sorry I got off topic.

One question remains... Can we still get around it somehow? Can we hack runas? ;)

Answer

Luaan picture Luaan · Sep 4, 2014

The whole reason why you're not supposed to do that is because there's an API for that.

No need to use runas.

ProcessStartInfo lets you specify the UserName and Password directly.

For example:

var psi = new ProcessStartInfo();

psi.Domain = "YourDomain";
psi.UserName = "YourUserName";
psi.Password = securePassword;
psi.FileName = "cmd.exe";

Process.Start(psi);