0

I'm trying to pass a string from vb.net into a command prompt window. In the end I want to use runas and use a password that was supplied earlier when logging into the application as the password. Basically I want to run the runas command, then type the password into the window (or supply it to cmd in some way)

Public Sub runCmd(ByVal pass As String, ByVal command As String, ByVal arguments As String, ByVal permanent As Boolean)
        Dim p As Process = New Process()
        Dim pi As ProcessStartInfo = New ProcessStartInfo()
        pi.Arguments = " " + If(permanent = True, "/K", "/C") + " " + command + " " + arguments
        pi.FileName = "cmd.exe"
        pi.Verb = "runas"
        p.StartInfo = pi
        p.Start()

    End Sub

This is the updated code where I get the directory error 

 Public Sub runCmd(ByVal pass As String, ByVal user As String, ByVal domainName As String, ByVal command As String, ByVal arguments As String, ByVal permanent As Boolean)
        Dim p As Process = New Process()
        Dim pi As ProcessStartInfo = New ProcessStartInfo()
        pi.Arguments = " " + If(permanent = True, "/K", "/C") + " " + command + " " + arguments
        pi.FileName = "cmd.exe"
        pi.Verb = "runas"
        pi.UserName = user
        pi.Domain = domainName
        pi.Password = getSecureString(pass)
        p.StartInfo = pi
        pi.UseShellExecute = False
        p.Start()
    End Sub
Adam
  • 1
  • 1
  • 1
    Have you tried looking [here](https://stackoverflow.com/questions/480358/run-new-process-as-different-user-in-vb-net) ? – the_lotus Jul 18 '19 at 14:04
  • Yea, using createprocesswithlogonW gives me an elevation error and I am using runas as a workaround because I can't disable UAC. – Adam Jul 18 '19 at 14:10

1 Answers1

0

It is not possible to start a Process with elevated privilege and at the same time under a different user account. So, I modified your runCmd function as follows based on Can I get UAC prompt for user from batch file?. A script is created on the fly that contains the command to run with elevated privileges. Then that script is run under the desired user account using Process.

Public Sub runCmd(ByVal password As String, ByVal user As String, ByVal domain As String, ByVal command As String, ByVal permanent As Boolean)
    ' Create script with desired command to run under elevated prompt.
    Dim persist As String = If(permanent, "/K ", "/C ")
    File.WriteAllText(
        "runCmd.js",
        $"ShA=new ActiveXObject(""Shell.Application"")" & vbCrLf &
        $"ShA.ShellExecute(""cmd.exe"",""{persist} {command}"","""",""runas"",5);")
    ' Run script as domain\user with password.
    Dim p As Process = New Process()
    Dim pi As ProcessStartInfo = New ProcessStartInfo()
    pi.Arguments = "runCmd.js"
    pi.FileName = "wscript.exe"
    pi.UserName = user
    pi.Domain = domain
    pi.Password = GetSecureString(password)
    p.StartInfo = pi
    pi.UseShellExecute = False
    p.Start()
End Sub

where the GetSecureString() function is defined as follows.

Public Function GetSecureString(ByVal str As String) As SecureString
    Dim secureString As SecureString = New SecureString
    For Each ch As Char In str
        secureString.AppendChar(ch)
    Next
    secureString.MakeReadOnly()
    Return secureString
End Function

For example, you can call:

runCmd("password", "user", "domain", "dir", True)

you will get the UAC prompt, a command window will open, the dir command will be run, and the command window will stay opened.

You could further customize your solution by looking at the different options available with ShellExecute and wscript.

RobertBaron
  • 2,817
  • 1
  • 12
  • 19