antonioCoco / RunasCs

RunasCs - Csharp and open version of windows builtin runas.exe
GNU General Public License v3.0

[-] RunasCsException: Selected logon type '2' is not granted to the user 'user'. Use available logon type '3'. #7

Open nuts7 opened 1 year ago

nuts7 commented 1 year ago

Hi, while trying to use RunasCs on a HackTheBox machine I came across this error.

*Evil-WinRM* PS C:\> .\RunasCs.exe user password "cmd /c echo test > C:\test" -domain domain.local -l 3 --force-profile
[-] RunasCsException: Selected logon type '2' is not granted to the user 'user'. Use available logon type '3'.

I have several misunderstandings: why does the error imply that I am using logon type 2 when I have correctly entered logon type network (3)?

Out of curiosity, I tested all the logon types and 9 behaved like this: 😄

image

Does anyone have any idea of the source of the problem? Don't hesitate to ask me if you need more details about the environment, even if I don't know it well since it's a machine coming from HTB.

antonioCoco commented 1 year ago

Hello,

the logon type has been automatically changed to 2 because you cannot use arbitrary logon types for process creations if you don't have high privileges like SeImpersonate or SeAssignPrimaryToken. You could force a specific logon type with the --remote-impersonation flag, which doesn't require any particular privileges.

BTW, I will add an error message output about the automatic switch to logon type 2 in the next release, as this can cause some confusion.

For the second screenshot, it's not related to the logon type 9 you used, it's just that your process "cmd /c whoami > ... " does not produce any output to stdout/stderr and RunasCs is telling you this, correctly.