How To: Become the SYSTEM user in Windows XP! You can do ANYTHING!

[Dragonshadow]

THIS DOES NOT WORK IN VISTA
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

In Windows XP, the system run level is higher than administrator, and has full control of the operating system and it’s kernel. When you hit Ctrl+Alt+Tab and get to the task manager process list, you will see that the System User controls several processes



Most System processes are required by the operating system, and cannot be closed, even by an Administrator account. Attempting to close them will result in a error message.Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.

Changing your administrator password on Windows XP, may be necessary at times depending on the scenario. One such technique, with a full desktop available to you is also possible.

--------------------------------------------------------------------------------------------------

Lets get rolling:

Open up command prompt and type:

Code:

at

If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts.

--------------------------------------------------------------------------------------------------

If you can use the at command, which is basically a task scheduler, then enter a command similar to something like mine:

Code:

at 23:27 /interactive "cmd.exe"

the time is usually a minute (or two) ahead of your present time in the 24 hours format

--------------------------------------------------------------------------------------------------

When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:




You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host).

--------------------------------------------------------------------------------------------------

End the current Explorer.exe. [hit ctrl+alt+del->task manager->processes]

--------------------------------------------------------------------------------------------------

At the system command prompt, enter in the following:

Code:

explorer.exe

--------------------------------------------------------------------------------------------------

Voila! …user System logged in!



--------------------------------------------------------------------------------------------------

Look At The Stuff you can do!



--------------------------------------------------------------------------------------------------

Log out to get back to your normal user login

--------------------------------------------------------------------------------------------------

TO FIX: Open the services control panel (Start > Run > services.msc) and disable the Task Scheduler service.


Imagine the things (h4x) we could do with this?

I wonder if we could prevent warden from even running?

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Original Is Here

[Phygar]

Guys you gotta do it it's awesome!

[Predatorpunk]

With my luck, I wouldnt get to be SYSTEM. my comp would log me in as EPIC - FAIL and i would die as my comp explodes and laughs in my face.

[Haq]

SONOFA....

HOLY Hell! I can't believe this worked!

This HAS to be hot-fixed sometime soon...

Is there a keyboard shortcut for a cmd prompt?

EDIT: I can't rep this post, otherwise I would...but still, a HUGE Thank You for this!

[Dragon[Sky]]

SONOFA....

HOLY Hell! I can't believe this worked!

This HAS to be hot-fixed sometime soon...

Is there a keyboard shortcut for a cmd prompt?

EDIT: I can't rep this post, otherwise I would...but still, a HUGE Thank You for this!

Windows button + R for Run, cmd.
In case Run is disabled.

[Dragonshadow]

SONOFA....

HOLY Hell! I can't believe this worked!

This HAS to be hot-fixed sometime soon...

Is there a keyboard shortcut for a cmd prompt?

EDIT: I can't rep this post, otherwise I would...but still, a HUGE Thank You for this!

Can't rep? :< why not :O

j/k tis ok lol

[Sonic Waffle]

There is a video about this:
[ame=http://youtube.com/watch?v=KsSnSvutJfg]YouTube - Reshoot of Become SYSTEM User[/ame]

[tomch]

wow thats pretty sick

[Dragonshadow]

Thanks ^^

filler

[bigow]

Awesome, this will really come in handy

[Dragonshadow]

Thanks for the free bump,

Now its my turn

[Obex]

My school disabled run Cmd task manager source coad and right click

ftl

[bigow]

My school disabled run Cmd task manager source coad and right click

ftl

Can you create shortcuts? If so make a shortcut, when it says type the path of the location type cmd and then call it whatever you want. This will create a shortcut that will open the cmd prompt as well.

It's what I used to use at work when wanted to much around with work computers.

If you can't right click you can usually create shortcuts from the file drop down menu.

Oh and you can also open a document, notepad etc type cmd.exe and then save as *.bat where * is anything then double click on it

[Obex]

Can you create shortcuts? If so make a shortcut, when it says type the path of the location type cmd and then call it whatever you want. This will create a shortcut that will open the cmd prompt as well.

It's what I used to use at work when wanted to much around with work computers.

If you can't right click you can usually create shortcuts from the file drop down menu.

Oh and you can also open a document, notepad etc type cmd.exe and then save as *.bat where * is anything then double click on it

i have done this it tells me CMD is disabled on the networks we cant make shortcuts CMD pops up but it just says "CMD has been disabled on these computers"

[bigow]

Hmm, looks like you fresh out of luck then your IT department is a lot cleverer than mine