Use Windows PowerShell to Make Multiple Shortcuts Always Run their Target as Administrator

To always run a shortcut's target under the Administrator account one will typically:

  • Right-click on the shortcut file in File Explorer
  • Click the Properties item in the context menu
  • Click the Advanced button
  • Check the Run as administrator checkbox

However, what is one to do when presented with a large batch of such files? Group-selecting them will reveal a Properties window of limited options, excluding the ability to mass-apply the Run as administrator option to the group.

Illustrating how to conventionally set the Run as administrator setting on a single shortcut

We can leverage an advanced shortcut editing JScript like shortcutJS.bat from https://github.com/npocmaka/batch.scripts/blob/master/hybrids/jscript/shortcutJS.bat (Download raw script file) which will effectively hex-edit the shortcut files in-place to set the Run as administrator bit in the file's binary code. For posterity the script's source (as of March 2024) will be provided at the end of this article.

Save shortcutJS.bat somewhere within your PATH so it can be easily re-used; I chose to drop my copy into C:\Windows\System.

Now we can run a short PowerShell scriptlet that loops through the current working directory's contents where file names end in *.lnk:

# -Filter is used because -Include matches nothing without -Recurse or a wildcard in the path
$files = Get-ChildItem -Path . -Filter *.lnk
foreach ($f in $files) {
    $filename = $f.FullName
    shortcutJS.bat -edit $filename -adminpermissions yes
}

The following is an exact reproduction of shortcutJS.bat from npocmaka / batch.scripts GitHub repository as of March 8, 2024 to ensure it can not disappear or become broken for the purposes of this article:

@if (@X)==(@Y) @end /* JScript comment
@echo off

cscript //E:JScript //nologo "%~f0" "%~nx0" %*

exit /b %errorlevel%

@if (@X)==(@Y) @end JScript comment */

var args=WScript.Arguments;
var scriptName=args.Item(0);
//var adminPermissions= false;
var edit= false;

function printHelp() {
    WScript.Echo(scriptName + " -linkfile link -target target [-linkarguments linkarguments] "+
    " [-description description] [-iconlocation iconlocation] [-hotkey hotkey] "+
    " [-windowstyle 1|3|7] [-workingdirectory workingdirectory] [-adminpermissions yes|no]");
    WScript.Echo();
    WScript.Echo(scriptName + " -edit link [-target target] [-linkarguments linkarguments] "+
    " [-description description] [-iconlocation iconlocation] [-hotkey hotkey] "+
    " [-windowstyle 1|3|7] [-workingdirectory workingdirectory] [-adminpermissions yes|no]");
    WScript.Echo();
    WScript.Echo(scriptName + " -examine link");
    WScript.Echo();
    WScript.Echo(" More info: http://msdn.microsoft.com/en-us/library/xk6kst2k%28v=vs.84%29.aspx ");
}

// reads the given .lnk file as a char array
function getlnkChars(lnkPath) {
    // :: http://www.dostips.com/forum/viewtopic.php?f=3&t=3855&start=15&p=28898 ::
    var ado = WScript.CreateObject("ADODB.Stream");
    ado.Type = 2; // adTypeText = 2

    ado.CharSet = "iso-8859-1"; // code page with minimum adjustments for input
    ado.Open();
    ado.LoadFromFile(lnkPath);

    var adjustment = "\u20AC\u0081\u201A\u0192\u201E\u2026\u2020\u2021" +
                     "\u02C6\u2030\u0160\u2039\u0152\u008D\u017D\u008F" +
                     "\u0090\u2018\u2019\u201C\u201D\u2022\u2013\u2014" +
                     "\u02DC\u2122\u0161\u203A\u0153\u009D\u017E\u0178" ;

    var fs = new ActiveXObject("Scripting.FileSystemObject");
    var size = (fs.getFile(lnkPath)).size;

    var lnkBytes = ado.ReadText(size);
    ado.Close();
    var lnkChars=lnkBytes.split('');
    for (var indx=0;indx<size;indx++) {
        if ( lnkChars[indx].charCodeAt(0) > 255 ) {
            lnkChars[indx] = String.fromCharCode(128 + adjustment.indexOf(lnkChars[indx]));
        }
    }
    return lnkChars;
}

function hasAdminPermissions(lnkPath) {
    return (getlnkChars(lnkPath))[21].charCodeAt(0) == 32 ;
}

function setAdminPermissions(lnkPath , flag) {
    lnkChars=getlnkChars(lnkPath);
    var ado = WScript.CreateObject("ADODB.Stream");
    ado.Type = 2; // adTypeText = 2
    ado.CharSet = "iso-8859-1"; // right code page for output (no adjustments)
    //ado.Mode=2;
    ado.Open();
    // setting the 22th byte to 32
    if (flag) {
        lnkChars[21]=String.fromCharCode(32);
    } else {
        lnkChars[21]=String.fromCharCode(0);
    }
    ado.WriteText(lnkChars.join(""));
    ado.SaveToFile(lnkPath, 2);
    ado.Close();
}

function examine(lnkPath) {
    var fs = new ActiveXObject("Scripting.FileSystemObject");
    if (!fs.FileExists(lnkPath)) {
        WScript.Echo("File " + lnkPath + " does not exist");
        WScript.Quit(2);
    }

    var oWS = new ActiveXObject("WScript.Shell");
    var oLink = oWS.CreateShortcut(lnkPath);

    WScript.Echo("");
    WScript.Echo(lnkPath + " properties:");
    WScript.Echo("");
    WScript.Echo("Target:" + oLink.TargetPath);
    WScript.Echo("Icon Location:" + oLink.IconLocation);
    WScript.Echo("Description:" + oLink.Description);
    WScript.Echo("Hotkey:" + oLink.HotKey );
    WScript.Echo("Working Directory:" + oLink.WorkingDirectory);
    WScript.Echo("Window style:" + oLink.WindowStyle);
    WScript.Echo("Admin Permissions:" + hasAdminPermissions(lnkPath));

    WScript.Quit(0);
}

if (WScript.Arguments.Length==1 || args.Item(1).toLowerCase() == "-help" || args.Item(1).toLowerCase() == "-h" ) {
    printHelp();
    WScript.Quit(0);
}

if (WScript.Arguments.Length % 2 == 0 ) {
    WScript.Echo("Illegal arguments ");
    printHelp();
    WScript.Quit(1);
}

if ( args.Item(1).toLowerCase() == "-examine" ) {
    var linkfile = args.Item(2);
    examine(linkfile);
}

if ( args.Item(1).toLowerCase() == "-edit" ) {
    var linkfile = args.Item(2);
    edit=true;
}

if(!edit) {
    for (var arg = 1;arg<5;arg=arg+2) {
        if ( args.Item(arg).toLowerCase() == "-linkfile" ) {
            var linkfile = args.Item(arg+1);
        }
        if (args.Item(arg).toLowerCase() == "-target") {
            var target = args.Item(arg+1);
        }
    }
}

if (typeof linkfile === 'undefined') {
    WScript.Echo("Link file not defined");
    printHelp();
    WScript.Quit(2);
}

if (typeof target === 'undefined' && !edit) {
    WScript.Echo("Target not defined");
    printHelp();
    WScript.Quit(3);
}

var oWS = new ActiveXObject("WScript.Shell");
var oLink = oWS.CreateShortcut(linkfile);

if(typeof target === 'undefined') {
    var startIndex=3;
} else {
    var startIndex=5;
    oLink.TargetPath = target;
}

for (var arg = startIndex ; arg<args.Length;arg=arg+2) {
    if (args.Item(arg).toLowerCase() == "-linkarguments") {
        oLink.Arguments = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-description") {
        oLink.Description = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-hotkey") {
        oLink.HotKey = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-iconlocation") {
        oLink.IconLocation = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-windowstyle") {
        oLink.WindowStyle = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-workingdirectory" || args.Item(arg).toLowerCase() == "-workdir") {
        oLink.WorkingDirectory = args.Item(arg+1);
    }
    if (args.Item(arg).toLowerCase() == "-adminpermissions") {
        if(args.Item(arg+1).toLowerCase() == "yes") {
            var adminPermissions= true;
        } else if(args.Item(arg+1).toLowerCase() == "no") {
            var adminPermissions= false;
        } else {
            WScript.Echo("Illegal arguments (admin permissions)");
            WScript.Quit(55);
        }
    }
}

oLink.Save();

if (!(typeof adminPermissions === 'undefined')) {
    setAdminPermissions(linkfile ,adminPermissions);
}
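
The same flag can be read and set natively in PowerShell. shortcutJS.bat overwrites byte 21 of the shortcut with 32 or 0; the added example below (not part of the original article or of npocmaka's script) sets or clears only bit 0x20 of that byte, which is the RunAsUser bit of the LinkFlags field in the [MS-SHLLINK] header, and leaves the neighbouring flag bits untouched. The function names Read-LnkHeader, Test-LnkRunAsAdmin and Set-LnkRunAsAdmin are made up for this example.

```powershell
# Added example: function names are hypothetical, not from shortcutJS.bat.
# Shell link header per [MS-SHLLINK]: HeaderSize (0x4C) at offset 0,
# LinkFlags (4 bytes, little-endian) at offset 0x14. RunAsUser is
# 0x00002000, i.e. bit 0x20 of the byte at offset 0x15 (byte 21).
$RunAsUserBit = 0x20
$FlagOffset   = 0x15

function Read-LnkHeader {
    param([Parameter(Mandatory)][string]$Path)
    # .NET does not follow PowerShell's working directory, so resolve first.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)
    # Refuse anything that is not a shell link: too short or wrong HeaderSize.
    if ($bytes.Length -lt 0x4C -or [System.BitConverter]::ToUInt32($bytes, 0) -ne 0x4C) {
        throw "$Path is not a valid .lnk file"
    }
    ,$bytes   # leading comma keeps the byte[] from being unrolled
}

function Test-LnkRunAsAdmin {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = Read-LnkHeader -Path $Path
    [bool]($bytes[$FlagOffset] -band $RunAsUserBit)
}

function Set-LnkRunAsAdmin {
    param(
        [Parameter(Mandatory)][string]$Path,
        [bool]$Enable = $true
    )
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = Read-LnkHeader -Path $full
    if ($Enable) {
        $bytes[$FlagOffset] = $bytes[$FlagOffset] -bor $RunAsUserBit
    } else {
        $bytes[$FlagOffset] = $bytes[$FlagOffset] -band 0xDF   # clear bit 0x20 only
    }
    [System.IO.File]::WriteAllBytes($full, $bytes)
}

# Apply to every shortcut in the current directory, then report the result.
Get-ChildItem -Path . -Filter *.lnk | ForEach-Object {
    Set-LnkRunAsAdmin -Path $_.FullName
    [pscustomobject]@{ Shortcut = $_.Name; RunAsAdmin = Test-LnkRunAsAdmin -Path $_.FullName }
}
```

Test-LnkRunAsAdmin on its own is also a quick way to audit which shortcuts in a folder already request elevation.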

Use Windows PowerShell to Make Multiple Executables Always Run as Administrator (Compatibility Mode)

Application Compatibility Tab

To always run an executable under the Administrator account one will typically:

  • Right-click on the application file in File Explorer
  • Click the Properties item in the context menu
  • Navigate to the Compatibility tab
  • Check the Run this program as an administrator checkbox
  • Click the Apply button at the bottom of the Properties window

However, what is one to do when presented with a large batch of such files? Group-selecting them will reveal a Properties window of limited options, excluding the ability to mass-apply the Run this program as an administrator option to the group.

Counterintuitively, this property is not actually attached to the file itself. It is in fact set in the Windows Registry under the path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, by creating a new value named after the full path of each individual executable file and assigning it the String value RUNASADMIN.

The Windows Registry after running the following PowerShell snippet on the SysInternals Suite

We can perform this action in bulk with a very terse little PowerShell scriptlet which you can paste directly into your session (running as Administrator). To use it unmodified, simply chdir (cd) to the desired directory first:

# -Filter is used because -Include matches nothing without -Recurse or a wildcard in the path
$files = Get-ChildItem -Path . -Filter *.exe
foreach ($f in $files) {
    $filename = $f.FullName
    reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v $filename /t REG_SZ /d "RUNASADMIN" /f
}
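
Because each entry is keyed by path rather than by file content, it is worth reviewing what the key holds after a bulk run like this. The added example below (not from the original article; the function name Get-RunAsAdminLayer is made up here) lists every RUNASADMIN entry under the HKLM key named above and its per-user HKCU counterpart, and flags entries whose target file is missing or can be modified by non-administrator groups. It assumes the English group names shown in the code.

```powershell
# Added example: Get-RunAsAdminLayer is a hypothetical name, not from the article.
# Lists RUNASADMIN compatibility-layer entries and flags risky targets.
function Get-RunAsAdminLayer {
    $sub   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    # Assumption: English group names; localized systems use other names.
    $weak  = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    # Rights that let a holder replace or re-permission the binary.
    $write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Get-Item -LiteralPath "$hive\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if (-not $name -or $data -notmatch 'RUNASADMIN') { continue }

            $exists = Test-Path -LiteralPath $name -PathType Leaf
            $loose  = @()
            if ($exists) {
                $loose = (Get-Acl -LiteralPath $name).Access | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $weak -contains $_.IdentityReference.Value -and
                    ($_.FileSystemRights -band $write)
                } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique
            }
            [pscustomobject]@{
                Hive         = $hive
                Executable   = $name
                Layers       = $data
                TargetExists = $exists
                WritableBy   = $loose -join ', '
            }
        }
    }
}

# Review anything with a missing target or a non-empty WritableBy column.
Get-RunAsAdminLayer |
    Where-Object { -not $_.TargetExists -or $_.WritableBy } |
    Format-Table -AutoSize
```

Entries for executables under C:\Program Files should normally come back with an empty WritableBy column; stale entries can be removed with reg.exe DELETE on the same key and value name.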

Install Windows SysInternals like a Pro and Attract Romantic Propositions

The venerable Windows SysInternals Suite is perennially provided in an equally unflattering and flat zip file indiscriminately littered with executable tools and ersatz Compiled HTML HelpFiles (that's your handy-dandy *.chm for the uninitiated). One is left to install them as one sees fit, with no recommendations. I think there are reasonable guidelines we should expect and today I'll show you how I like to pack the pipe:

  • Most of the SysInternals tools require Administrator rights to start or function properly. We should avoid having to right-click and hit Run As Administrator every time we go to use one.
  • The executables should be stored in a sensible place
  • The tools should be easy to access, by GUI and CLI

My solutions are as follows:

  • Permanently install the SysInternals Suite applications and documentation to C:\Program Files\SysInternals\
  • Mass-enable the Run as administrator Compatibility setting on those applications
  • Create a SysInternals Start Menu subfolder for easy GUI access
  • Mass-enable the Run (target) as administrator setting on all shortcuts contained therein (just for the sake of being thorough)
  • Update the Windows Path Environment Variable to contain C:\Program Files\SysInternals\ so they may be called from the cmd.exe or PowerShell command line directly
Illustrating the steps to update the Windows PATH

To these ends, my installation recipe simmers thus:

  1. Open PowerShell as Administrator (right-click, Run as Administrator). Run the following:
    mkdir "C:\Program Files\SysInternals"
    mkdir "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysInternals"
  2. Extract the SysInternalsSuite.zip to C:\Program Files\SysInternals
  3. Open C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysInternals in File Explorer
  4. In another File Explorer window open C:\Program Files\SysInternals in Details View
  5. Sort the folder's contents by File Type. Select all Application files (all files ending in *.exe)
  6. Using your right mouse button, drag the selected files over to the Start Menu entry's window. Choose Create Shortcuts from the context menu that opens when you release the right button.
  7. Open the System control panel
  8. Click on Advanced system settings (as shown in the illustration above)
  9. Click the Environment Variables... button at the bottom of the System Properties window
  10. Click on the PATH variable, then the Edit... button
  11. Click the New button on the Edit environment variable window
  12. Paste the path C:\Program Files\SysInternals into the new line that was created, then click OK on each of the three open settings windows to return to the Settings control panel, which you may now close
  13. Visit my article Use Windows PowerShell to Make Multiple Shortcuts Always Run their Target as Administrator and install the shortcutJS.bat shortcut editing script according to my instructions (note that setting the Run as administrator capability directly to multiple executable files is a substantially differentiated matter, covered by its own article - both methods will be employed here)
  14. Return to your existing - or open a new - Administrator session of PowerShell (right-click and select Run as Administrator) and run the following commands and scriptlets to finalize your installation
    PS C:\Windows\system32> cd "C:\Program Files\SysInternals"
    PS C:\Program Files\SysInternals> $files = Get-ChildItem -Path . -Filter *.exe; foreach ($f in $files) { $filename = $f.FullName; reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v $filename /t REG_SZ /d "RUNASADMIN" /f }
    PS C:\Program Files\SysInternals> cd "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysInternals"
    PS C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysInternals> $files = Get-ChildItem -Path . -Filter *.lnk; foreach ($f in $files) { $filename = $f.FullName; shortcutJS.bat -edit $filename -adminpermissions yes }
The Windows Registry after looping through the SysInternals application settings

Install Metasploit-Framework on Fedora/RHEL/CentOS/Rocky Linux Quick-and-Dirty

The official Fedora guide (c. 2018) to installing the ever-popular ruby-based Metasploit automated scan-and-exploit framework is slightly outdated and indecisive. Please find below an updated quick installation recipe for your pleasure and leisure:

#!/bin/bash
# RedHat Metasploit-Framework Installer
# https://foxpa.ws/install-metasploit-framework-on-redhat
# ---
# Obtain the latest release from GitHub
# You can git clone git://github.com/rapid7/metasploit-framework.git
# however I've had problems syncing on Qubes and the master .zip will always work.
# Consider using git for future updates. You may wish to add such to your crontab.
# Alternatively, use the Metasploit-hosted tarball at
# http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2

# Re-run the script as root if it was started unprivileged
# (a bare "sudo bash" line would open an interactive shell and stall the script)
[ "$(id -u)" -eq 0 ] || exec sudo bash "$0" "$@"

cd /opt
wget https://github.com/rapid7/metasploit-framework/archive/refs/heads/master.zip
unzip master.zip
mv metasploit-framework-master metasploit

# Install Ruby dependencies
dnf -y install ruby-irb rubygems rubygem-bigdecimal rubygem-rake rubygem-i18n rubygem-bundler
dnf builddep -y ruby
dnf -y install ruby-devel libpcap-devel
gem install rake

# Install PostgreSQL (SQLite is no longer supported)
dnf -y install postgresql-server postgresql-devel
gem install pg

# Symlink the Metasploit tools to a PATH'd location:
ln -sf /opt/metasploit/msf* /usr/local/bin/

# Enable raw socket modules:
gem install pcaprub

# Install additional dependent Gems
bundle install --gemfile /opt/metasploit/Gemfile

You can download this script from https://foxpa.ws/files/install-metasploit.sh; simply make it executable with chmod +x and run it with ./. In a few minutes you should be returned to a prompt with no user intervention necessary and a working installation of Metasploit.

Now continue to set up the PostgreSQL database for Metasploit by following Fedora Project Wiki > Metasploit Postgres Setup (https://fedoraproject.org/wiki/Metasploit_Postgres_Setup).

SMS Number Vendors for Fun and Privacy

A generous contributor has shared with me a list of online SMS-capable telephone number vendors which can be used to create new accounts with sites and services without having to divulge your actual phone number. They can also be used to evade geofencing by provisioning an international number.

I have cleaned out dead links (as of March 1, 2024); however, you may find some working duplicates where providers have been bought out, or where I have chosen to retain them for redundancy because it is often unclear which is the primary domain or whether one or the other may be allowed to expire.

This post is one of the many living lists I am maintaining here on foxpa.ws.

If you would like to contribute to this list or report a disabled or downed service please join us in our Telegram group.