Author Topic: privilege exploit in windows XP  (Read 2883 times)

Offline Raptor

  • OMG MOD wannabe
  • Ninja Phone Loser
  • ***
  • Posts: 1208
  • 1337 13V3L: +80/-52
  • We can be happy underground
privilege exploit in windows XP
« on: December 01, 2006, 02:18:55 PM »
I came across this the other day. It enables you to gain access to the user account "System" on a Windows PC. The System account has complete control over all of the files and processes. The best part is, it can be accessed in any account, even the guest acct.

What to do.

in command, type as follows

at XX:XX /interactive "cmd.exe"

(Being a couple mins after your system time. It's in 24 hr format)

If that worked, it should say: new job at __ or something similar.
At the specified time, you will get a special cmd prompt with the title "SVCHOST".
Now, go to Task Manager and close "explorer.exe". The only thing that will close is the desktop and taskbar.
In the new svchost prompt, type C:\windows\explorer.exe

A new user called "System" will then log on.
You can now do whatever you want to write-protected files etc.

To close it, I'm pretty sure you have to either log off, or restart.

So say you're in the library and you want to either install Firefox but it won't let you, or OMG HAX the internets, but the guest acct BLOCKS TEH INTERNETS! This is a good fix. The only problem is if they block scheduling within Windows. Tell me how you like it!
Raptor's Random Reviews!

http://www.phonelosers.org/forums/index.php?board=30.0
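
Added example, not part of the original post: a defender-side check for the three artifacts the post describes (an `at` job submitted with `/interactive`, a `cmd.exe` running as SYSTEM, and `explorer.exe` running as SYSTEM). The event records and field names are constructed, and the `svchost.exe` parent is an assumption based on the "SVCHOST" window title mentioned in the post.

```python
import ntpath
import re

SYSTEM_USER = r"nt authority\system"
INTERACTIVE_SWITCH = re.compile(r"(?:^|\s)/interactive\b", re.IGNORECASE)


def ev(image, cmdline, user, parent):
    """Build one parsed process-creation record (hypothetical field names)."""
    return {"image": image, "cmdline": cmdline, "user": user, "parent": parent}


# Constructed sample data, shaped like parsed process-creation audit events.
SAMPLE_EVENTS = [
    ev(r"C:\WINDOWS\system32\at.exe", 'at 14:32 /interactive "cmd.exe"',
       r"LAB\student", r"C:\WINDOWS\system32\cmd.exe"),
    ev(r"C:\WINDOWS\system32\at.exe", "at",
       r"LAB\admin", r"C:\WINDOWS\system32\cmd.exe"),
    ev(r"C:\WINDOWS\system32\cmd.exe", "cmd.exe",
       r"NT AUTHORITY\SYSTEM", r"C:\WINDOWS\system32\svchost.exe"),
    ev(r"C:\WINDOWS\explorer.exe", r"C:\windows\explorer.exe",
       r"NT AUTHORITY\SYSTEM", r"C:\WINDOWS\system32\cmd.exe"),
    ev(r"C:\WINDOWS\explorer.exe", "explorer.exe",
       r"LAB\student", r"C:\WINDOWS\system32\userinit.exe"),
]


def classify(event):
    """Return the names of the rules an event matches (empty list = no hit)."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent"]).lower()
    as_system = event["user"].lower() == SYSTEM_USER
    hits = []
    # A scheduled job that is allowed to show a window on the user's desktop.
    if image == "at.exe" and INTERACTIVE_SWITCH.search(event["cmdline"]):
        hits.append("at-interactive-job")
    # A SYSTEM shell started by a service host (assumed parent, see lead-in).
    if image == "cmd.exe" and as_system and parent == "svchost.exe":
        hits.append("system-shell-from-service-host")
    # The desktop shell should run as the logged-on user, never as SYSTEM.
    if image == "explorer.exe" and as_system:
        hits.append("explorer-as-system")
    return hits


def triage(events):
    """Return (command line, matched rules) for every event with a hit."""
    return [(e["cmdline"], classify(e)) for e in events if classify(e)]
```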

Offline gangals

  • Merp?
  • PLA Nation Citizen
  • *
  • Posts: 1031
  • 1337 13V3L: +68/-31
  • ummm cacti
    • http://img116.imageshack.us/img116/1879/bagmanonfire4pb.jpg
Re: privilege exploit in windows XP
« Reply #1 on: December 01, 2006, 03:51:47 PM »
This has been out forever, but the information is incorrect, the <at> command cannot be accessed by limited or guest accounts.

Offline Raptor

Re: privilege exploit in windows XP
« Reply #2 on: December 01, 2006, 04:48:26 PM »
D'oh! It seemed to work on the school computers! I was hoping to end the Novell client processes, but I found another app that disables the "Deep Freeze" program, that resets all changes to the hard disk on every reboot.

Offline gangals

Re: privilege exploit in windows XP
« Reply #3 on: December 01, 2006, 06:03:05 PM »
If you are running Novell, there is the old physical hack (don't know if it works on the current version).

*This only works on Win95-98, yes my school had the crappiest computers...*

All you have to do is just unplug the network cable when you turn it on, so you are greeted with a Windows login screen instead of the Novell. Then you can escape into the desktop, plug the network cord back in and then you will have internet access, just not access to the network (i.e. your files).

If you are running XP Home, then you can do the same trick but boot up into safe mode and then log onto the Administrator account. Because by default, no OEM home install has an admin password (just that you can't access the account without entering safe mode).

But for schools, the easiest way to do things is just "break" the computer enough that a tech has to look at it and then put a hardware keylogger on the box.
« Last Edit: December 01, 2006, 06:06:29 PM by gangals »

Offline Raptor

Re: privilege exploit in windows XP
« Reply #4 on: December 01, 2006, 07:16:09 PM »
I think booting a live CD, like PHLAK, would work as well. I would like to find one that looks slightly like Windows so when the teacher looks over she won't go "OMG VIRUSES!!!11" That would also be good for attempts at the server itself. The teachers on our floor all received new computers, but the labs still have win 98 machines running XP PRO.

the specs are

128 mb ram
1.4 ghz processors
Cd-ROM
CRT Monitors
(I think they are overclocking or something, because every so often when running a power hungry app they will abruptly restart, probably to prevent the CPU from exploding and killing everyone within the proximity...)

The only problem is we signed some paper saying we won't download pr0n or hax the internets.

or Damage the hardware (stick a pencil in the hole where the cd eject button used to be) or Damage the software (Delete INTERNET EXPLORER 6)


Offline gangals

Re: privilege exploit in windows XP
« Reply #5 on: December 01, 2006, 08:09:00 PM »
I use Active Password Changer for all that good stuff, it's included on Hiren's Boot CD

hxxp://www.iso-tek.org/index.php?showtopic=8423

Offline sic

  • Newb
  • *
  • Posts: 8
  • 1337 13V3L: +0/-0
Re: privilege exploit in windows XP
« Reply #6 on: December 07, 2006, 06:09:06 PM »
My own mediocre attempt at humor has been highly amusing to myself: the good ole keylogger trick.... I had the entire two rows of computers in my library computer lab set up with SuperSave, a Macintosh keylogger, and the ways I took to get around the security were great; for example, I always used the Mac antivirus Virex to delete files that could potentially get me in trouble when the system wasn't supposed to allow deletion. Either way, I had teacher website passwords, email passwords and about half of the girls from my graduating class's email/AIM passwords     =D

keyloggers FTW

Offline Raptor

Re: privilege exploit in windows XP
« Reply #7 on: December 07, 2006, 06:49:40 PM »
Actually... a super sneaky keylogger that I load onto the Deep Freeze image with the crack would KICK SO MUCH ASS! Do you know any that are almost impossible to detect?