1

I want to enter the password to already running cmd automatically.

I am trying to launch an application through nonadmin mode. I am using the below command.

runas /user:nonadmin "C:\Program Files (x86)\API\Flex.exe"

When I hit enter in cmd, it asks for a password like below

Enter the password for nonadmin:

Now I want to enter the password automatically. I don't want to enter the password manually. How can I do this?

pynexj
  • 19,215
  • 5
  • 38
  • 56
Knowledge Hunt
  • 33
  • 4
  • See https://github.com/zetamatta/expect/ and https://stackoverflow.com/questions/1276561/expect-like-tool-for-windows – Aval Sarri Aug 12 '21 at 11:35
  • I didn't understand the usage of expect. Can u pls elaborate or give an example? _ thank you. – Knowledge Hunt Aug 12 '21 at 11:51
  • 1
    Why not use PowerShell to start a process as a different user rather than trying to automate/send keyboard input? e.g. https://www.itdroplets.com/run-a-command-as-a-different-user-in-powershell/ – Remko Aug 12 '21 at 13:33
  • I am fine with poweshell also. When I did with option 1 from the above link, then I am getting "Windows PowerShell Credential Request" prompt to enter password. – Knowledge Hunt Aug 12 '21 at 14:30

2 Answers2

1

Microsoft Quote

"User Account Control (UAC) was created to make the operating system less vulnerable to malware by having users, even those who are Administrators, run most applications with standard user privileges. UAC offers elevation potential for administrative tasks and other app functions. This elevation potential is provided through the Run as Administrator option, which you get when right-clicking on executable files."

So the Command line RunAs enforces manual passwords

You should not be attempting to use/script admin password in plain sight, however if we are the only user and its convenient to script elevation that may not be our concern.

You have several options to replace CMD>RunAs either by Replacing RunAs.exe or scripting an alternative using powershell.

However I find the simplest is to use SysInternals PsExec since it can be used for so many other similar tasks, between pc's on the lan.

enter image description here

>curl -o %temp%\pstools.zip https://download.sysinternals.com/files/PSTools.zip
>tar -xf %temp%\pstools.zip  PsExec64.exe
>set password=MyPassword
>psexec64 -u Me -p %password% calc.exe
K J
  • 8,045
  • 3
  • 14
  • 36
1

To complement K J's helpful answer:

If this is about interactive convenience and it's acceptable to have to provide the password interactively once per computer (and user), consider use of runas.exe's /savecred option:

runas /user:nonadmin /savecred "C:\Program Files (x86)\API\Flex.exe"

This will prompt for nonadmin's password on first invocation on a given computer for the current user, and not require providing a password in subsequent calls.

Otherwise, if installing a utility such as psexec (shown in K J's answer) isn't an option:

You can send keystrokes to runas.exe that simulate interactive password entry:

# Set your password here, or add it directly to the .SendKeys() argument below.
$password = 'test' 

# Send the password as keystrokes, followed by Enter, then
# launch runas.exe, which should receive the keystrokes as if they
# had been typed interactively.
(New-Object -ComObject WScript.Shell).SendKeys("$password{ENTER}"); runas /user:nonadmin "C:\Program Files (x86)\API\Flex.exe"

Note:

  • The obligatory warning: Plain-text password handling is a security risk.

  • UI scripting (simulating user activity) is not as robust as proper programmatic control.

mklement0
  • 382,024
  • 64
  • 607
  • 775