











File Information

  • Submitted: Nov 14 2012 11:18 PM
  • Last Updated: Nov 14 2012 11:18 PM
  • File Size: 1.47MB
  • Views: 9156
  • Downloads: 2870

Download RunInSessionX

This is an example of how to run a program in any session from any session on nt6.x (Vista - Windows 8).

Normally it is a matter of duplicating the token of, for instance, winlogon.exe in order to start a process in your current session as LocalSystem. However, you will not be able to start a process in a different session, even as LocalSystem, when you are outside of session 0. The old workaround has been to temporarily install and start a Windows service and launch the application from there. That gives you the permission to launch across sessions. PsExec, for instance, uses this trick.

Instead of using that workaround, my tool named RunInSession.exe starts a remote thread. It injects binary code into the virtual address space of a given process running in session 0 and executes it there, thus inheriting whatever permissions the host process has. Technically this method is the same as DLL injection.

It is very similar to a previous application I made named Session0Cmd. It's just expanded upon.

Because you start a process inside session 0, you can't easily interact with it directly from your own session after the process has started. For that reason another application has been included, called RunInAnySession.exe. It takes some parameters that control how and what is executed from RunInSession.

Syntax is:
RunInAnySession HiddenFlag SessionId account command
  • HiddenFlag can be 0 or 1.
  • SessionId is the session ID to start the process in. A value of 0 does not indicate session 0, but means all sessions (i.e. all currently logged-in terminal sessions plus console logins).
  • Account can be "user" or "system".
  • Command is the program + parameter to launch.

Example to start calc in all sessions as the currently logged-in user in each session:
RunInSession "%CD%\RunInAnySession 0 0 user calc"

Example to start cmd as LocalSystem inside session 2:
RunInSession "%CD%\RunInAnySession 0 2 system cmd"

Notice that RunInSession.exe is the loader for RunInAnySession.exe.

Also notice that it is possible to execute an application in any session (as the name suggests), or in all of them at once. That means any console and/or RDP session, either individually or collectively in one go. You can also choose the account under which the program runs in a given session (either LocalSystem or the current user in the target session).

It has been tested on Windows 7 x64. It should work on any 32-bit/64-bit version of nt6.x (Vista and later).
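For monitoring, the remote-thread approach described above leaves a recognizable pattern: a thread created from an interactive session into a session 0 process, followed by that process spawning a new child. The following detection sketch is an added example, not part of RunInSessionX. It assumes Sysmon-style process-create (Event ID 1) and CreateRemoteThread (Event ID 8) records; all GUIDs, paths, the choice of svchost.exe as host process and the parent/child relationship shown are constructed for illustration.

```python
# Constructed sample events; field names follow Sysmon Event ID 1 (ProcessCreate)
# and Event ID 8 (CreateRemoteThread). GUIDs and paths are made up for illustration.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{svc}", "Image": r"C:\Windows\System32\svchost.exe",
     "TerminalSessionId": 0, "ParentProcessGuid": "{services}"},
    {"EventID": 1, "ProcessGuid": "{ris}", "Image": r"C:\Tools\RunInSession.exe",
     "TerminalSessionId": 1, "ParentProcessGuid": "{cmd}"},
    {"EventID": 8, "SourceProcessGuid": "{ris}", "SourceImage": r"C:\Tools\RunInSession.exe",
     "TargetProcessGuid": "{svc}", "TargetImage": r"C:\Windows\System32\svchost.exe"},
    # Assumption: the injected code starts the second stage as a child of the host.
    {"EventID": 1, "ProcessGuid": "{rias}", "Image": r"C:\Tools\RunInAnySession.exe",
     "TerminalSessionId": 0, "ParentProcessGuid": "{svc}"},
    # Control case: both ends already live in session 0, so no session boundary is crossed.
    {"EventID": 1, "ProcessGuid": "{av}", "Image": r"C:\Program Files\Example\agent.exe",
     "TerminalSessionId": 0, "ParentProcessGuid": "{services}"},
    {"EventID": 8, "SourceProcessGuid": "{av}", "SourceImage": r"C:\Program Files\Example\agent.exe",
     "TargetProcessGuid": "{svc}", "TargetImage": r"C:\Windows\System32\svchost.exe"},
]


def find_cross_session_injection(events):
    """Flag remote threads created from a non-zero session into a session 0 process,
    and attach any process the target spawns afterwards."""
    session_of = {}  # ProcessGuid -> TerminalSessionId, learned from Event ID 1
    alerts = []
    for ev in events:
        if ev["EventID"] == 1:
            session_of[ev["ProcessGuid"]] = ev["TerminalSessionId"]
            for alert in alerts:
                if ev["ParentProcessGuid"] == alert["target_guid"]:
                    alert["children"].append(ev["Image"])
        elif ev["EventID"] == 8:
            src = session_of.get(ev["SourceProcessGuid"])
            dst = session_of.get(ev["TargetProcessGuid"])
            # Processes started before logging began have no known session: skipped.
            if src is not None and src != 0 and dst == 0:
                alerts.append({"source": ev["SourceImage"], "source_session": src,
                               "target": ev["TargetImage"],
                               "target_guid": ev["TargetProcessGuid"], "children": []})
    return alerts


if __name__ == "__main__":
    for alert in find_cross_session_injection(SAMPLE_EVENTS):
        print(alert)
```

Because the session of a process is learned only from its own create event, long-running session 0 processes need a baseline inventory before this correlation can see them.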





