Purpose

The purpose of this article is to keep a backup of CPAU, because when I was personally learning about, looking for and downloading this tool, I took quite a few detours.
Original address: www.joeware.net/freetools/tools/cpau/

Translation (automatic)

CPAU

Summary

A command-line tool for starting a process in an alternate security context. Basically, this is a runas replacement. It also lets you create job files and encode the ID, password and command line in a file so that normal users can use it.

Platforms

Windows 2000
Windows Server 2003
Windows XP
Windows 7 (supported, tested)
Windows 10 (supported, tested)

Current version

Version 1.11.0 - November 8, 2005

Modifications from the previous version

Fixed title bug
Added -c to help
Verify password not blank
Fixed possible bug with -k/-c
Changed some of the internal string handling
Added a warning when using net creds
Added -localwithprofile and -lwp aliases for -profile
Added -localwithoutprofile and -lwop
Added -nowarn
Added -outprocexit
Will not work when run from LocalSystem

Security requirements

On a Windows XP or Windows 2003 machine, no special permissions are required. On Windows 2000, the "Act as part of the operating system" right (SE_TCB_NAME) is required.

Language

C++. Compiled with Borland Builder 6.0

Story

CPAU is an extremely popular tool. My original purpose in creating this tool was twofold: the ability to pass the password on the command line, and the ability to start up with network credentials versus local credentials. The first couldn't be done with RUNAS; the second required me to add an additional parameter, and I was running RUNAS many times every day and hated typing /netonly.
Use of this tool has gone through the roof. Unfortunately, most people use it to enhance permissions on the local PC for logon scripts and similar things, so they are all stuck using the -profile or -lwp switch (which forces a local interactive logon). Note I said stuck. That's right, I am not changing that functionality. When in doubt, type in -profile or -lwp. If you are trying to connect to a foreign machine with the enhanced permissions and the ID you are using cannot be authenticated through the trust channels, you will get an authentication error and you will know you need network credentials. If you are working in workgroup mode, you almost always need network credentials instead of local credentials.

Now there is one fun thing about network credentials that people don't seem to get the hang of. When you establish them, the password is not verified until you try to connect to something. So you can type in any password you want and it will start the process for you. It is when you go to touch the remote resource that you will catch the error if you typed the password wrong; keep that in mind, it is important. Note that the program isn't broken, that is how it has to work.

Another thing that confuses people is the security of network drives. When you spawn a process in another security context, you lose access to your current network drives. This is a security function that Microsoft has been implementing. It wasn't the case in Windows NT, and I can't help you re-enable it, because you can't. You should use UNC paths as much as possible for connecting to remote file shares. See: http://support.microsoft.com/kb/180362

One function that people kept asking for, and that I eventually added, is the ability to encode the user ID, password and command line to be executed in an encrypted file. I have done that, but instead of dealing with the massive issues of making encryption work well for everyone, I set up a proprietary encoding algorithm that seriously obfuscates the information in the encoded file. Again, this is not strong encryption, this is text encoding. I will say the encoding is pretty decent, but I have no doubt that someone seriously interested in cracking it certainly could, given enough time; plus there are other underlying mechanisms available to anyone who really understands the Windows API that can be used to obtain the user name and password being used. On the positive side, random numbers are used heavily in the encoded file, and the same command with the same ID and password will not generate the same encoded file twice. This makes cracking the file much tougher, and few people are running around watching things run in debuggers.

Along with the encoding option there is a -crc option, which lets you generate CRCs for the files and store those in the encoded file as well. If the CRC check fails, the job file will not execute.

The format of the encoded file is a simple text format, so if you want to copy and paste it or email it to someone, you can do so easily.

The number one email I get about CPAU is from people trying to use it to run logon scripts and claiming it does not switch the user context to the admin context. The answer is always: use the -profile or -lwp switch. My next most common email is from people working with spaces in paths and not using quotes properly. If something doesn't work right, use -profile or -lwp and use quotes before trying to contact me. Note that if you are using job files, you specify -profile or -lwp on the command line when you decode the job file, not when you encode it.

Original

CPAU
Summary

Command line tool for starting process in alternate security context. Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users.

Warranty

See warranty.

Platforms

Windows 2000
Windows Server 2003
Windows XP

Current Version

Version 1.11.0 - November 08, 2005

Modification(s) from previous version

Fixed title bug
Added -c to help
Verify password not blank
Fixed possible bug with -k/-c
Changed some of the internal string handling
Added a warning when using net creds
Added -localwithprofile and -lwp aliases for -profile
Added -localwithoutprofile and -lwop
Added -nowarn
Added -outprocexit
Will not work when run from localsystem

Security Requirements

On a Windows XP or Windows 2003 machine, no special permissions are required. On Windows 2000 "Act as part of the Operating System" right (SE_TCB_NAME) is required.

Language

C++. Compiled with Borland Builder 6.0

Source Code Availability

None

Story

CPAU is an extremely popular tool. My original point in creating this tool was two fold, the ability to pass the password on the command line and to start up with network credentials versus local credentials. The first couldn't be done with RUNAS, the second required me to add an additional parameter and I was running RUNAS many times every day and was sick of typing /netonly.

The use of this tool has gone through the roof. Unfortunately most people use it to enhance permissions on the local PC for logon scripts and other things like that so they are all stuck using the -profile or -lwp switches which force a local interactive logon. Note I said, stuck. That's right, I am not changing that functionality. When in doubt, type in -profile or -lwp. If you are trying to connect to a foreign machine with the enhanced permissions and the ID you are using can't be authenticated through the trust channels you will get an authentication error and you will know you need to get network credentials. If you are working in workgroup mode, you almost ALWAYS need network credentials instead of local credentials.

Now there is one fun thing that people don't seem to get the hang of with network credentials. When you establish them, the password is NOT verified until you try to connect to something. So you can type in any password you want and it will fire up the process for you. When you go to touch the remote resource is when you will catch the error if you typed the password wrong, keep that in mind, it is important. Note that the program isn't broken, that is how it HAS to work.

Another thing that confuses people is the security of network drives. When you spawn a process in another security context, you lose access to your current network drives. This is a security function Microsoft has been implementing. It wasn't the case in Windows NT and I know of no way to help you get it re-enabled because you can't. You should use UNCs as much as possible for connecting to remote file shares. See http://support.microsoft.com/kb/180362

One function that people kept asking for that I eventually added was the ability to encode the userid, password, and command line to be executed in an encrypted file. I have done that but instead of dealing with the massive issues in making encryption work well for everyone I have set up a proprietary encoding algorithm that seriously obfuscates the information in the encoded file. Again, this is NOT strong encryption, this is text encoding. I will say that the encoding is pretty decent but I have no doubt that someone who was seriously interested in cracking it certainly could given enough time, plus there are other underlying mechanisms available to anyone who really understands the Windows API that can be used to get the userid and password being used. On the positive side there is a large use of random numbers in the encoded file and the same command with the same ID and password will not generate the same encoded file two times. This makes it much tougher to crack the file and few people are running around watching things running in debuggers.

Along with the encoding option there is a -crc option that will allow you to generate CRCs for the files and store those in the encoded file as well. If the CRC check fails, the job file will not execute.

The format of encoded file is a simple text format so if you want to copy and paste it or email it to someone, you will be able to do so without hassle.

My number one email with CPAU is about people trying to use it to run logon scripts and it supposedly not switching the context of the user to the admin context. The answer is always, use the -profile or -lwp switch. My next most common email is people doing things with spaces in the paths and not properly using quotes. If something doesn't work right, use -profile or -lwp and use quotes before trying to contact me. Note that if you are using job files, you specify the -profile or -lwp on the command line when you decode the job file, not when you encode it.
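The following batch script is an added example and is not from the original joeware page or from this article's author. It puts the advice above into concrete command lines: quoting paths that contain spaces, using -profile (alias -lwp) for a local logon on the workstation, expecting a bad network-only password to surface only when the remote share is touched, and giving -profile at decode time rather than encode time. The switches -profile, -lwp, -nowarn and -crc are the ones named on this page; the switches -u, -p, -ex, -enc, -dec and -file are assumed from CPAU's usage syntax and are not documented here, so confirm them against CPAU's own help output before relying on them. User names, passwords, paths and the LogonScriptUsers group are constructed placeholders.

```batch
@echo off
rem Added example, not from the original page. -u, -p, -ex, -enc, -dec
rem and -file are assumed switch names; -profile, -lwp, -nowarn and -crc
rem are the switches the page itself names. All names/paths are constructed.

rem --- 1. Local elevation for a logon-script task ------------------------
rem The page says most "it did not switch to the admin context" reports are
rem fixed by -profile (forces a local interactive logon) plus proper quoting.
rem The whole -ex value is quoted because the path contains spaces.
CPAU -u .\LocalAdmin -p "PLACEHOLDER_PASSWORD" -profile ^
     -ex "C:\Program Files\Contoso\Install.exe"

rem --- 2. Network-only credentials against a remote share ----------------
rem Without -profile CPAU starts the process with network credentials, which
rem the page notes are NOT verified at launch: a mistyped password is only
rem reported when \\fileserver is actually touched. Mapped drive letters
rem are not inherited into the new context, so the share is given as a UNC
rem path as the page recommends. -nowarn suppresses the net-creds warning.
CPAU -u CONTOSO\svc_backup -p "PLACEHOLDER_PASSWORD" -nowarn ^
     -ex "robocopy \\fileserver\backups C:\Backups\nightly /MIR"

rem --- 3. Job file for normal users ----------------------------------------
rem Encode the id, password and command into a job file, and let -crc store
rem a checksum so the job refuses to run if the CRC check fails. Note that
rem -profile is NOT given here: the page says it belongs on the decode side.
CPAU -u CONTOSO\svc_install -p "PLACEHOLDER_PASSWORD" -crc ^
     -ex "C:\Program Files\Contoso\Install.exe" ^
     -enc -file "C:\Jobs\install.job"

rem The page states the job file is obfuscated text, not strong encryption,
rem so anyone who can read the file can recover the credentials. Limit the
rem file's ACL to the users who must run it and to admins; strip inheritance
rem so a permissive parent folder does not widen it.
icacls "C:\Jobs\install.job" /inheritance:r ^
     /grant:r "CONTOSO\LogonScriptUsers:(R)" ^
     /grant:r "CONTOSO\Domain Admins:(F)"

rem Decode and run: -profile goes here, when the job file is executed.
CPAU -dec -file "C:\Jobs\install.job" -profile
```

The icacls step is the practitioner's counterpart to the page's own caveat that the encoding is not encryption: the protection of a job file comes from who can read it, not from the encoding, so the read grant should cover only the group that actually has to run the job.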

Last modified: August 24, 2020, 11:18 PM