A different way of getting system
A different way of getting system
ghost | 4621 Reads | This is something I discovered and thought some of you might find useful. It's not really a hack, just a bit of convenience. By now, most people are familiar with the 'system' trick in XP. I use it frequently. Whether there are stubborn processes that won't end, files that won't delete, or you're just bored; there are plenty of reasons to use it.
For those that don't know, you can get access to this by typing the following in the command prompt:
at xx:xx /interactive "cmd.exe"
xx:xx would be the time you specify cmd to run.
From there you can jump between shells, whether it's different instances of explorer or some other shell of your choosing. This pretty much gives you unrestricted access to everything on that pc.
The inconvenience is that you have to wait till whatever time you set it for. If you enter a time that has already passed, you have to wait until the following day for that task to run. Otherwise you need to give yourself probably about a one minute window. Plus, you have to do this each time you want to get access as system.
Not a difficult task but there is another way.
If you create a service, you can accomplish the same thing, skip the hassle and the wait.
Intitially, I tried:
sc create mysvc binpath= "cmd" type= own type= interact
That didn't work. The service, essentially, times out. This is because SCM has to establish a channel through the RegisterServiceCtrlHandler API to pass commands to the service. Another issue is that there are no service related codes within the executable. Because of this the service fails to start and produces an error code of 1053. In short, the window simply dies.
The solution is to launch another instance of cmd, so that even when the first instance closes, the second remains and allows commands to be run as system. This is done with the /k switch and start. Start by itself will launch a separate instance of cmd. The switch /k executes the command issued by the string (in this case it opens cmd) and continues.
Now I create the service with the switch and start:
sc create mysvc binpath= "cmd /K start" type= own type= interact
This time the service will open cmd then start. Start opens another instance of cmd. You can now call the service when you need it:
sc start mysvc
This will open cmd and let you run commands as system.
Mouzi 16 years ago
I'm not that familiar with XP so this may be a stupid question, but can you create the service on an administrator account and then call it later with a limited account?
Uber0n 16 years ago
Mouzi: You simply do it from the command line (or manually in the registry). http://www.theeldergeek.com/add_a_service_in_windows_xp.htm
Mouzi 16 years ago
Actually I know how it's done. I just wanted to know if it works over accounts (especially from admin to limited).
Uber0n 16 years ago
Okay, yes I'm quite sure it works. You may not even have to be admin in order to add the service ^^
ghost 16 years ago
awesome dude, I've been waiting for someone to write another article about getting SYSTEM :) (and I didn't know this oneā¦thanks :))
mikispag 16 years ago
I'm pretty sure that adding a system service in XP/Vista requires administrative privileges (default settings). Anyway, very good article! :)
korg 16 years ago
A shortcut is all it really is, Not gonna get you admin or anything. decent article as far as content and structure.