所以,我想在pipe理员模式下运行一个程序(UAC)
经过一番挖掘,我想这个:
import os import types from traceback import print_exc from sys import argv, executable def isUserAdmin(): if os.name == 'nt': import ctypes # WARNING: requires Windows XP SP2 or higher! try: return ctypes.windll.shell32.IsUserAnAdmin() except: print_exc() print "Admin check failed, assuming not an admin." return False elif os.name == 'posix': # Check for root on Posix return os.getuid() == 0 else: raise RuntimeError, "Unsupported operating system for this module: %s" % (os.name,) def runAsAdmin(cmdLine=None, wait=True): if os.name != 'nt': raise RuntimeError, "This function is only implemented on Windows." import win32api, win32con, win32event, win32process from win32com.shell.shell import ShellExecuteEx from win32com.shell import shellcon python_exe = executable if cmdLine is None: cmdLine = [python_exe] + argv elif type(cmdLine) not in (types.TupleType,types.ListType): raise ValueError, "cmdLine is not a sequence." cmd = '"%s"' % (cmdLine[0],) # XXX TODO: isn't there a function or something we can call to massage command line params? params = " ".join(['"%s"' % (x,) for x in cmdLine[1:]]) cmdDir = '' showCmd = win32con.SW_SHOWNORMAL #showCmd = win32con.SW_HIDE lpVerb = 'runas' # causes UAC elevation prompt. # print "Running", cmd, params # ShellExecute() doesn't seem to allow us to fetch the PID or handle # of the process, so we can't get anything useful from it. Therefore # the more complex ShellExecuteEx() must be used. # procHandle = win32api.ShellExecute(0, lpVerb, cmd, params, cmdDir, showCmd) procInfo = ShellExecuteEx(nShow=showCmd, fMask=shellcon.SEE_MASK_NOCLOSEPROCESS, lpVerb=lpVerb, lpFile=cmd, lpParameters=params) if wait: procHandle = procInfo['hProcess'] obj = win32event.WaitForSingleObject(procHandle, win32event.INFINITE) rc = win32process.GetExitCodeProcess(procHandle) #print "Process handle %s returned code %s" % (procHandle, rc) else: rc = None return rc def test(): rc = 0 if not isUserAdmin(): print "You're not an admin.", os.getpid(), "params: ", argv #rc = runAsAdmin(["c:\\Windows\\notepad.exe"]) rc = runAsAdmin() else: print "You are an admin!", os.getpid(), "params: ", argv rc = 0 x = raw_input('Press Enter to exit.') return rc if __name__ == "__main__": if not isUserAdmin(): runAsAdmin() 其中要求用户的pipe理员。 许可,但我有两个主要问题:
1.用户需要给予程序许可。(pentesting存在问题)
2. 每次程序运行时,用户都需要给程序许可(这是可疑的)
有没有办法绕过这个?
PS。 Windows 7和直接访问
假设你有权访问这个脚本运行的电脑,那么你可以按照这个链接中的说明…
它将允许标准用户以管理员身份运行特定的应用程序。 我已经在其他应用程序上成功地使用了这个指南,但从来没有在Python脚本上使 可能为你工作。