Running A Desktop With Full System Privileges

**kingaff** · 23-Feb-2007, 07:18 AM

Running A Desktop With Full System Privileges
A tutorial on how to trick Windows XP into giving you system privs.

[0.0] Table of Contents
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[1.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Abstract
-[1.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Why hackers should care

[2.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Introduction to Local System
-[2.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Getting SYSTEM
-[2.2] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ What to do now
-[2.3] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Abnormalities & experimentation
-[2.4] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ A quick fix

[3.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Ending notes
-[3.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Questions/Comments/Contact
-[3.2] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Shoutz & Flamez
-[3.3] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Copyright information

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[1.0] Abstract
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and itâ€™s kernel. On many machines this can be exploited even with the guest account. At the time Iâ€™m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.

-[1.1] Why hackers should care

Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that arenâ€™t normally possible (like resetting the administrator password).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[2.0] Introduction to Local System
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager process list, as seen in the following screen shot:

23-Feb-2007, 07:18 AM	#1 (permalink)
kingaff Fixed Error! Posts: 330 Join Date: Feb 2007 Rep Power: 2 IM:	Running A Desktop With Full System Privileges Running A Desktop With Full System Privileges A tutorial on how to trick Windows XP into giving you system privs. [0.0] Table of Contents =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [1.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Abstract -[1.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Why hackers should care [2.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Introduction to Local System -[2.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Getting SYSTEM -[2.2] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ What to do now -[2.3] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Abnormalities & experimentation -[2.4] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ A quick fix [3.0] â€¦â€¦â€¦â€¦â€¦â€¦â€¦. Ending notes -[3.1] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Questions/Comments/Contact -[3.2] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Shoutz & Flamez -[3.3] â€¦â€¦â€¦â€¦â€¦â€¦â€¦ Copyright information =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [1.0] Abstract =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and itâ€™s kernel. On many machines this can be exploited even with the guest account. At the time Iâ€™m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt. -[1.1] Why hackers should care Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that arenâ€™t normally possible (like resetting the administrator password). =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [2.0] Introduction to Local System =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager process list, as seen in the following screen shot:

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)