# RunAs The Windows [runas](https://www.shellhacks.com/windows-run-as-different-user/) command is more-or-less the equivalent of [[sudo]] on \*NIX systems. [Usage is similar.](https://www.windows-commandline.com/windows-runas-command-prompt/) ```powershell runas /user:$USERNAME $EXECUTABLE ``` `$USERNAME` may also be specified as `$DOMAIN\$USERNAME` for domain-joined machines. `$EXECUTABLE` is treated normally (as if not prefixed by the runas command), so a full or relative path is only necessary when it's not already in the Windows path. If credentials are saved for a particular user (use `cmdkey /list` to check), then the `/savecred` flag will apply them automatically! > [!important] > When using runas to start a reverse shell, [[whoami]] will always return the user who called the runas command, *even if the shell is running as under a different user's privileges*. Thus, elevating privileges using runas is a blind attack... You won't know if the privilege escalation *actually* worked until you try a command that requires more privileges!