
Windows XP Privilege Escalation (For those who don't know how..)



By ghostghost | 10328 Reads |

-=[ How to gain SYSTEM ]=-
-=[ Written by Skunkfoot ]=-

Note: So far, this doesn't work on Windows Vista.


-=[ Contents ]=-

[x] What is SYSTEM? (For those who don't already know)
[x] Why would I want to become SYSTEM?
[x] How do I become SYSTEM?
[x] The Exploit explained
[x] How to stop this from happening on your computer
[x] Conclusion


-=[ Part 1 || What is SYSTEM? ]=-

Okay, so what is SYSTEM exactly? Well, open up Task Manager and go look at your processes. You should notice that some of the processes are being run by your own user name and some are being run by SYSTEM. The ones being run by SYSTEM are exactly that: the system is running those processes by itself.


-=[ Part 2 || Why do I want to do that? ]=-

Well, with SYSTEM, you'll have more access locally on the computer. Different types of users have different privileges. Guests tend to have very limited privileges and access. Limited Users have a little bit more, but it's still not enough for normal people. Administrators, which is what most people use, have more privileges than Guests and Limited Users, but sometimes even Administrators don't have the privileges to do some things. This is why you might want to become SYSTEM. SYSTEM has more privileges than any other group, and you can do basically anything you want on the computer when you have obtained it.


-=[ Part 3 || How do I do that? ]=-

Open up Task Manager and a CMD prompt. Write down the current time (in military/24-hour time). EX: 15:24 = 3:24 PM. Then, go to your Task Manager and end the "explorer.exe" process. Now, in the CMD window, type "at /interactive explorer.exe" and hit enter. That should get you SYSTEM.


-=[ Part 4 || I want to understand why that works ]=-

Explorer.exe is the Windows shell, or more commonly, your Desktop and Start menu, and is different for each user. When you log in to Windows, explorer.exe loads, and that's why you see your icons and Start Menu and everything. When you go to log out, it ends explorer.exe for that user. The "at" command hands its jobs to the Task Scheduler service, and that service runs as SYSTEM. So, when we kill explorer.exe and then tell the system to restart it interactively, SYSTEM is running the process instead of your user.


-=[ Part 5 || I don't want my shit to get h4x0red! ]=-

Relax, all you have to do is disable the "at" command, which shouldn't cause a problem with your everyday computer usage because nobody really uses that command for anything. (Or at least nobody I know :P)
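
If you look after machines where "at" can't simply be switched off, you can also watch for the traces this trick leaves. The Python below is an added example, not part of the original article: it scans process-creation records for an "at" job scheduled with /interactive and for a user shell such as explorer.exe running as SYSTEM. The record fields (time, user, image, cmdline), the sample records and the USER_SHELLS list are assumptions made up for the example, not a real log format.

```python
import ntpath
import re

# Programs that normally run as the logged-on user, never as SYSTEM.
# This list is an assumption for the example; extend it for your environment.
USER_SHELLS = {"explorer.exe", "cmd.exe"}
SYSTEM_NAMES = {"system", "nt authority\\system"}
# Matches the /interactive switch as a separate token, in any letter case.
INTERACTIVE = re.compile(r"(?:^|\s)/interactive(?:\s|$)", re.IGNORECASE)

# Constructed sample records (hypothetical, simplified schema).
SAMPLE_EVENTS = [
    {"time": "02:00:00", "user": r"LAB-XP\admin",
     "image": r"C:\WINDOWS\system32\at.exe",
     "cmdline": "at 02:00 /every:M,T,W,Th,F backup.cmd"},
    {"time": "15:20:02", "user": r"LAB-XP\alice",
     "image": r"C:\WINDOWS\explorer.exe", "cmdline": "explorer.exe"},
    {"time": "15:24:10", "user": r"LAB-XP\alice",
     "image": r"C:\WINDOWS\system32\at.exe",
     "cmdline": "at 15:25 /interactive explorer.exe"},
    {"time": "15:25:00", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\WINDOWS\explorer.exe", "cmdline": "explorer.exe"},
    {"time": "15:26:00", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\WINDOWS\system32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

def findings(events):
    """Return (time, rule, cmdline) tuples for records matching either rule."""
    hits = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        # Rule 1: an "at" job that asks to interact with the desktop.
        if image == "at.exe" and INTERACTIVE.search(ev["cmdline"]):
            hits.append((ev["time"], "at-interactive-job", ev["cmdline"]))
        # Rule 2: a user shell whose owner is the SYSTEM account.
        if image in USER_SHELLS and ev["user"].lower() in SYSTEM_NAMES:
            hits.append((ev["time"], "user-shell-as-system", ev["cmdline"]))
    return hits

if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

The scheduled backup job and the svchost.exe service process in the sample are left alone; only the interactive job and the SYSTEM-owned explorer.exe are reported.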


-=[ Conclusion ]=-

All that being said, I hope you actually learned something from my article. ^_^

–Skunkfoot

P.S. If anything is a little incorrect, just tell me cause I'll want to know. (But I think it's all pretty much accurate).

Comments
ghost 16 years ago

porn? there's porn on the internet? :happy: korg you should write articles :D

ghost 16 years ago

They locked 'at' on my school's computers, so I can't get privs and fix a virus on a friend's flash drive :\

Format is blocked :D and I have no third party software on my own drive.

ghost 15 years ago

Doesn't work on my comp……. I don't know why….but when I try to use it on my comp….It merely says….access denied (I'm an admin…but have guest like rights until I specially demand admin rights…so the test's good) that's probably the result of UAC settings…..But I don't know for sure….Know any way I can get by this glitch???

ellipsis 11 years ago

TotcoS was here.