Everyone knows in windows to access some application, we need advance privileges to access that program. We will show you, how to execute the program without Administrator privileges. RunWithRestrictedRights is a tool that restricts the privileges of the file. We have to download this application in our windows system to run without administrator rights. As per ethical hacking researcher of International Institute of Cyber Security, this can be used by malware writer to bypass UAC.
What is UAC ?
UAC (User Account Control) – In windows UAC is just like security. It helps users to protect your windows operating system by unauthorized changes like (application, viruses, and malware). Any changes to the system can be by the administrator itself. Whenever we try to install any application in windows, UAC conforms with the user to execute the application (mostly we have seen below screen while installing the application). If privileges not approved, we cannot execute the application.
We can see the below picture of UAC prompt in windows.
To check UAC options in your windows systems, type UAC to get below screen:
- In these settings, we see four types of modulations.
- Always notify me when: Apps try to install software or make changes to my computer and I make changes to Windows settings.
- Notify me only when appy try to make changes to my computer (default)and Don’t notify me when I make changes to Windows settings.
- Notify me only when appy try to make changes to my computer (do not dim my desktop) and Don’t notify me when I make changes to Windows settings.
- Never notify me when: Apps try to install software or make changes to my computer and I make changes to Windows settings.
How to use RunWithRestrictedRights
- After downloading and keep the exe in C: dive and open the command prompt as administrator.
- Now, types C:WINDOWSsystem32>C:RunWithRestrictedRights.exe.
- You will see all the options of RunWithRestrictedRights.exe
- Now, enter the file path C:WINDOWSsystem32>C:RunWithRestrictedRights.exe <application-name>.
- Which ever you want to open like (notepad, word, MSpaint) C:WINDOWSsystem32>C:RunWithRestrictedRights.exe Control Panel
- If the application ask for UAC privileges, using this it will not ask for UAC access.
Using the parameters of RunWithRestrictedRights
Whenever you execute the command with the “application” you want to lunch it will show the medium/Low integrity file. If you want to check low/medium integrity file, we can use Process Explorer or Process Hacker tool.
- Now, enter command C:WINDOWSsystem32>C:RunWithRestrictedRights.exe control panel -v
- -v produce verbose output.
- Now, enter the command C:WINDOWSsystem32>C:RunWithRestrictedRights.exe notepad -w
- -w Instead of returning immediately after launching the application, wait until the application ends. Optional.
Using this tool we can lunch any application without administrator access. We can use this tool in all windows machines from Windows XP and above and also it supports windows server 2003 and above. In 2017 Microsoft announced that in windows non administrator can protect 94% of critical vulnerabilities.