Forum Thread: Explanation of Script..

@echo off

:: BatchGotAdmin
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\icacls.exe" "%SYSTEMROOT%\SysWOW64\config"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\icacls.exe" "%SYSTEMROOT%\system32\config"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )

echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %:"=""
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

del "%temp%\getadmin.vbs"
exit /B

pushd "%CD%"
CD /D "%~dp0"

This is the script use to run the shell file as administrator from inside. Can anyone give me the explanation of all the commands were used thrre.

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

6 Responses

There are multiple versions of these batch scripts online from a quick Google search. I'm not going to walk you through it line by line but if you have a question on a specific command you can ask that. A brief overview of the script would be...

The first IF statement checks the systems architecture and runs the appropriate icacls.exe on the system config file (hive file). If icacls.exe returns an error the second IF statement calls UACPrompt otherwise it calls gotAdmin.

UACPrompt creates a VBscript that runs cmd.exe as administrator

gotAdmin changes directory

You would add the contents of your batch file to the end of this one and if everything goes right it will execute as administrator. Also depending on the UAC settings this will pop a message box to the users, but it will be signed by Microsoft.


But is it open a permission window asking for 'yes' or 'no' or it just got admin permission ...?

Depending on the UAC settings it will open the window. There are multiple ways to bypass UAC. You will have to look them up, there is even metasploit modules for it.

How payloader bypass USC.

Is anybody has better or easy" ,run as admin commands.

Share Your Thoughts

  • Hot
  • Active