@module: su.exe
@project: Manufacture.net - SysWin utilities (syswin.manufacture.net)
@author: Francis Korning (fkorning@yahoo.ca)
@rights: (c) 2014 Francis Korning (manufacture.net)
@license: Lesser GNU Public License (LGPL)
The su utility (aka sudo, superuser, or supershell) launches command shells with
elevated privileges, as the administrator, or as another user.
It assumes administrator rights, uses the UAC dialog, and skips the password prompt
where possible.
It differs from runas and psexec in that it runs an elevated user command without
prompting for a password: it uses the UAC administrator privilege dialog instead.
However, if the current user is already the desired execution administrator or user, no
password is needed. Otherwise it wraps the command in a runas secure password prompt.
Passwords can also be specified on the command line, which allows cmd scripting but is
insecure: the password then sits in clear text in the script and on the command line.
The cmd shell can either run a command and exit or, with /keep, stay active in the
desired directory. Crucially, unlike runas, psexec, shellrunas, or netsh, an optional
/cmd parameter executes chained shell commands as the desired user from within the
desired directory, even for an interactive /keep shell.
This is done through some fancy shell magic. There is hard-wired support for two types
of cmd shells: Windows cmd.exe and Cygwin bash.exe, both of which will spawn a shell
and execute sub-commands correctly.
credits:
Gerson Kurz for pserv/gtools su.exe (BSDL) : (http://p-nand-q.com/download/gtools/)
His su.exe only did an elevated user cmd via uac, no runas, no password or prompt.
Support was added for cygwin bash.exe and critically for executing shell commands,
and most importantly wrapping them with a secure password prompt via runas.exe.
Also windows prompt support was added to reflect user and hostname in cmd shells.
Finally options were added and reworked for a POSIX compliant su / sudo hybrid.
usage: su.exe [options]
options:
-h --help /help: this usage and options help message (/?)
-s --shell /shell: cmd shell executable to invoke (cmd|bash)
-d --dir /dir: directory from which to run cmd shell
-u --user /user: user under which to execute cmd shell
-p --pass /pass: password to run cmd shell (no prompt)
-k --keep /keep: keep cmd shell interactive (default*)
-l --login /login: login shell sourcing profile (default*)
-m --mimic /mimic: mimic and preserve environment variables (non login+)
-e --envs /envs: export additional environment variables (key[=value][,..])
-c --cmd /cmd: execute this chained cmd shell command
* default is /login /keep if no chained cmd is given
+ only for non-login cmd|bash shell as elevated user
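An added example, not part of the su.exe project: a Python audit that flags script lines passing a password to su through -p, --pass or /pass and redacts the value in its report. The sample script is constructed; that each non-boolean option takes the next token as its value, and that options match case-insensitively, are assumptions drawn from the examples on this page.

```python
import re
import shlex

# Option spellings come from the options list above.
PASS_FLAGS = {"-p", "--pass", "/pass"}
VALUE_FLAGS = PASS_FLAGS | {"-s", "--shell", "/shell", "-d", "--dir", "/dir",
    "-u", "--user", "/user", "-e", "--envs", "/envs", "-c", "--cmd", "/cmd"}
SEPARATORS = {"&", "&&", "|", "||"}

# Constructed sample script (not from the project); line 1 is the blank line.
SAMPLE = r'''
rem nightly restart
su /dir c:/work /shell cmd /user administrator /pass Hunter2! /cmd "net stop sshd"
su --shell bash --user cyg_server --cmd "mkdir -p /tmp/x"
@c:\tools\su.exe -u administrator -p "two words" -c "whoami" && echo done -p x
su /user administrator /cmd "whoami"
'''

def _is_su(token):
    # Match su / su.exe with or without "@", quotes or a directory prefix.
    return re.split(r"[\\/]", token.lstrip("@").strip('"'))[-1].lower() in ("su", "su.exe")

def find_inline_passwords(script_text):
    """Return [(line_no, redacted_line)] for su calls that pass a password."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), 1):
        text = line.strip()
        if text.lower().startswith(("rem ", "::", "#")):
            continue  # batch or shell comment
        try:
            tokens = shlex.split(text, posix=False)  # quoted args stay whole
        except ValueError:
            tokens = text.split()  # unbalanced quotes: split on whitespace
        # Index of the first argument after the su token (past the end if none).
        i = next((k for k, t in enumerate(tokens) if _is_su(t)), len(tokens)) + 1
        while i < len(tokens) and tokens[i] not in SEPARATORS:
            flag = tokens[i].lower()  # case-insensitive match is an assumption
            if flag in VALUE_FLAGS and i + 1 < len(tokens):
                if flag in PASS_FLAGS:
                    tokens[i + 1] = "***"  # keep the secret out of the report
                    findings.append((line_no, " ".join(tokens)))
                i += 2  # skip the value so it is never read as an option
            else:
                i += 1
    return findings

if __name__ == "__main__":
    for line_no, redacted in find_inline_passwords(SAMPLE):
        print(f"line {line_no}: {redacted}")
```

A "-p" inside a quoted /cmd argument, or after a command separator, is not reported, because option values are skipped and scanning stops at the separator.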
parse cmd shell:
first determine cmd shell executable:
shell=null|cmd|cmd.exe (default) -> %SYSTEM32%\cmd.exe
shell=sh|sh.exe|bash|bash.exe (cygwin) -> %CYGWIN%\bin\bash.exe
shell=another exe,com,cmd,bat -> locate from PATH
determine user:
next determine user elevation mode. 4 modes:
user==null (default) -> Elevated user, no password prompt, uac elevation dialog
user==current user -> Elevated user, no password prompt, uac elevation dialog
user==administrator -> Impersonating administrator, possible password prompt
user==another user -> Impersonating another user, possible password prompt
examples:
su
su /dir c:/work /shell cmd
su --dir c:/work --shell bash
su /dir c:/work /shell cmd /user administrator
su --dir c:/work --shell bash --user cyg_server
su /keep /login /dir c:/work /shell cmd /user administrator /cmd "whoami"
su --keep --login --dir c:/work --shell bash --user cyg_server --cmd "whoami"
su /keep /login /dir c:/work /shell cmd /cmd "net stop sshd"
su --keep --login --dir c:/work --shell bash --cmd "cygrunsrv --start sshd && cygrunsrv --query sshd"
su /dir c:/work /shell c:/windows/system32/cmd.exe /cmd "/k ^cd c:/work^"
su --dir c:/work --shell c:/cygwin/bin/bash.exe --cmd "--login -i -c 'cd c:/work && exec bash'"
/login,/group, options
csh,tcsh,ksh,zsh,etc..
rsh,ssh, (+ ssh-agent fwd)
shellrunas and LSA credentials
kerberos/afs/dfs/ntlm tokens
default windows cmd showing we have no administrator rights

su elevated user account control prompt for launching a windows cmd shell

su elevated user windows cmd showing user host and directory in prompt

su elevated user windows cmd showing we have administrator rights

su elevated user account control prompt for launching a cygwin bash shell

su elevated user cygwin bash showing user host and directory in prompt

su runas prompt for running windows cmd shell as administrator

su administrator windows cmd shell

su runas prompt for running cygwin bash shell as cyg_server

su cyg_server cygwin bash shell

su administrator windows cmd shell executing chained commands to stop sshd

su cyg_server cygwin bash shell executing chained commands to start and query sshd
