PowerRunAsSystem
Run application as system with interactive system process support (active Windows session)
This technique doesn't rely on any external tools and doesn't require a Microsoft Service.
It spawns an NT Authority/System
process using the Microsoft Windows Task Scheduler then upgrade to Interactive System Process using cool WinApi's (Run in Active Windows Session)
Install
You can install this module very easily using PowerShell Gallery:
Install-Module -Name PowerRunAsSystem
You might need to execute bellow command to allow unsigned script to be executed:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
If you don't want to use PowerShell Gallery, you can install and import this module manually and/or use it as script.
Usage
Invoke-SystemCommand
Invoke-SystemCommand -Execute "powershell.exe" -Argument "whoami \| Out-File C:\result.txt"
Create a new process (default: powershell.exe
) running under the context of NT AUTHORITY/SYSTEM
in Microsoft Windows session id 0
0
is not directly accessible through your active desktop, any process running under another session than the active one wont be visible. If you want to spawn a new SYSTEM process under active session, use Invoke-InteractiveSystemPowerShell
command instead.
āļø Supported Options:
Parameter | Type | Default | Description |
---|---|---|---|
Execute | String | powershell.exe | Program to execute as SYSTEM (Session 0 ) |
Argument | String | -Command "whoami | Out-File C:\result.txt" | Optional argument to run with program |
Invoke-RevertToSelf
first.
Invoke-InteractiveSystemPowerShell
Invoke-InteractiveSystemPowerShell
Create a new PowerShell instance running under the context of NT AUTHORITY/SYSTEM
and visible on your desktop (active session)
Invoke-RevertToSelf
first.
Invoke-ImpersonateSystem
Invoke-ImpersonateSystem
Impersonate SYSTEM User on current thread (current PowerShell thread) using ImpersonateNamedPipeClient technique.
After impersonating user, you can use Invoke-ImpersonatedProcess
to spawn an interactive process as SYSTEM.
Invoke-ImpersonatedProcess
Invoke-ImpersonatedProcess
Create a new PowerShell instance running under the context of NT AUTHORITY/SYSTEM
and visible on your desktop (active session)
āļø Supported Options:
Parameter | Type | Default | Description |
---|---|---|---|
CommandLine | String | powershell.exe | Program to execute as SYSTEM (Active Session) |
Invoke-RevertToSelf
Invoke-RevertToSelf
Stop impersonating user.
Invoke-ImpersonateSystem
first.
Future Ideas
- Redirect Stdin and Stdout/Stderr to caller (Administrator <--> System).