Page 1 of 1

SYSTEM account console 254 characters limit

Posted: 21 Jan 2024 11:14
by lazna
Just found that its imposible to write more than 254 characters to the console window under SYSTEM account.

Reproducable step by step

- open cmd window as Administrator
- perform psexec.exe -s cmd.exe
- type whoami, get nt authority\system
- start typying characters

it stop after 254 chars, command line simply do not accept more chars. Is this a known issue? Is there any known workaround?

Re: SYSTEM account console 254 characters limit

Posted: 26 Jan 2024 11:00
by aGerman
The console window has no such limits. It's always the command line tool or shell that either spawned the console or is waiting and consuming the input that you enter. All we can do is guessing though. If the console can't be the culprit... The cmd shell has other limits and it would be unlikely that the behavior changes only because it's running in the System account. However, there's still psexec which connects to a remote machine. Even if the remote is still the local computer in your use case, the connection back to the local machine is build the same way. There could be a limit of a buffer size in the locally running psexec process or in the remotly running PSEXESVC service or just a limitation of the installed pipe. I can't tell if you can work around. It would probably be best to try an alternative tool.

Steffen

Re: SYSTEM account console 254 characters limit

Posted: 30 Jan 2024 08:37
by lazna
psexec is a testing tool only in my case, in reality I need my batch is started as a scheduled task running under SYSTEM account. This failed, so I start testing with psexec and found this issue.

My problem arise when trying to start powershell oneliner inside of batch script, which need full path to powershell binary (because SYSTEM account do not have it in path variable). This crossing 254 chars and was truncated. Change CD to "C:\Windows\System32\WindowsPowerShell\v1.0" in one command, and than start shortened powershell oneliner help in this case. Problem itself remain, even without psexec tool.

Re: SYSTEM account console 254 characters limit

Posted: 30 Jan 2024 13:41
by ShadowThief
If you think you need the SYSTEM account for something, you're doing something wrong.
If you need more than 254 characters for a single command, you're also doing something wrong.

You haven't described your use case, so I'll just assume the standard reasons for shoving a bunch of code all at once at the highest elevation possible.

Re: SYSTEM account console 254 characters limit

Posted: 02 Feb 2024 13:57
by lazna
ShadowThief wrote:
30 Jan 2024 13:41
If you think you need the SYSTEM account for something, you're doing something wrong.
I do not found any other way to start batch script as a scheduled task to stay COMPLETELLY hidden, than run it under SYSTEM account.
If you need more than 254 characters for a single command, you're also doing something wrong.
Its a hybrid script batch/powershell. Using several powershell commands as a oneliners, with full path to powershell binary, inside of batch script, and process its outputs/exitcodes