How to run cmdkey.exe /list as a user with admin rights but without knowing the password?

D

Dmitry2020-12-17 13:55:29

System administration

Dmitry, 2020-12-17 13:55:29

There are several dozen computers, not in the domain, but with centrally managed anti-virus software, so you can run arbitrary commands from the System user. It is required to collect the saved credentials for connections to fileshares, which can be obtained by the command
cmdkey.exe /list
The command gives data for the user from which it is run.
Question: is it possible, and if so, how can I run a command as a specific user via runas / PowerShell / etc so that they do not need to enter their password? (i.e. you need an analogue of the Linux sudo -u someuser cmd )

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

C

ComodoHacker, 2020-12-18
@ComodoHacker

As far as I know, no password.
You can use a script from the system to put another script into the user's autoload, and at the next login it will be executed from the user.

R

rklw341, 2020-12-19
@rklw341

as an option to use LiteManager (not advertising). In it, you can run CMD on behalf of the user or system.

M

Moskus, 2020-12-20
@Moskus

Under windows this is not possible. There are crutches like https://github.com/gerardog/gsudo , but none of them bypass UAC completely, of course.

K

KaP1, 2020-12-17
@KaP1

Doesn't that fit?
We make a link on the desktop, change the icon in the rest, change the path:
C:\Windows\System32\runas.exe /savecred /user:Domine\Username "C:\Programs\YourFile.exe"