Yes, I can hear it now. "Windows Command Prompt fails." "It's useless." Well, maybe you'll get to learn something today. This is for educational purposes only. Use at your own risk.
PS: (FukHaq5/ZPO Applies here)
**NOTE** This tutorial does NOT work on Vista. If you need admin access on Vista, try using *THE* VDM exploit. If interested, getting the code/reading up on this is just as easy as googling for it. /**NOTE**
So a virus is keeping you from running your anti-virus program, or you forgot your admin password? Well, have no fear, there is a simple method for getting %SYSTEM% access to your computer from a normal user account.
This is actually a simple process. It all depends on running the 'at' command in the command prompt. To access the command prompt, press Windows key + R and type in 'cmd'. The black dialog box is the command prompt.
To get your local system time, type in 'time' and hit enter twice. Now (mentally) add around 1 minute to it. Now you will be doing the "real work".
Type this command in next:
'at *time + 1 minute here* /interactive cmd.exe'
If you get a different output, make sure you typed everything in correctly. Also note the time you enter should be different, and *MOST* of the time your computer will be defaulted to a 12-hour clock.
Once your computer's clock reaches the time, a new command prompt will open.
Notice the \System32> and that it's running under SVCHOST.EXE.
Congratulations, you are now SYSTEM. Have some fun, explore, learn something.
--------------------------------------
A few activities for the reader:
1) Get Explorer.exe to run as SYSTEM.
2) Force a password change.
3) Force an unstoppable reboot.
4) Rewrite your MsConfig (fun one). [And most useful if something, such as a virus, is blocking access to it.]
--------------------------------------
Now I'm sure someone (maybe?) wants to know WHY this works. Well, here we are.
The 'at' command is Windows' attempt at crontab/cron jobs. All it really does is schedule tasks to run at a certain time. For a more complete list of options, just type in at /?.
The tag '/interactive' tells 'at' to interact DIRECTLY with the user (aka userland). Now how does this get passed to SVCHOST? Well, without getting too technical, SVCHOST has several processes running at once (for verification just check your Task Manager, you will see several). SVCHOST is "technically" a kernel service that runs in userland for interaction between the two.
When running something '/interactive', as the 'at' "man" page says, it interacts with the desktop of the user logged in, which (for those that don't know) is Explorer.exe. Explorer is responsible for several other processes, one being the command prompt! *GASP*.
It's 2 AM here so this might be a fail explanation. I'll gladly explain anything else/clarify if needed. Happy Readings
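From the monitoring side, the two artefacts this post describes (an 'at' job created with '/interactive', and a cmd.exe running as SYSTEM under SVCHOST.EXE) can be looked for in process-creation logs. The Python sketch below is an added example, not part of the original post; the record layout, user name and sample events are constructed assumptions, not a real log schema.

```python
import re

# Constructed process-creation records: (user, parent image, image, command line).
# The layout is an assumption made for this example, not a real log schema.
SAMPLE_EVENTS = [
    ("alice", "explorer.exe", "cmd.exe", "cmd"),
    ("alice", "cmd.exe", "at.exe", "at 14:31 /interactive cmd.exe"),
    ("SYSTEM", "svchost.exe", "cmd.exe", "cmd.exe"),
    ("alice", "cmd.exe", "at.exe", "AT 02:00 /every:M backup.bat"),
    ("alice", "cmd.exe", "chat.exe", "chat.exe /interactive"),
]

# First token is at / at.exe, optionally quoted or with a directory prefix.
AT_NAME = re.compile(r'^"?(?:.*[\\/])?at(?:\.exe)?"?$', re.IGNORECASE)

def interactive_at_job(cmdline):
    """Return the command scheduled by 'at ... /interactive ...', else None."""
    tokens = cmdline.split()
    if not tokens or not AT_NAME.match(tokens[0]):
        return None
    lowered = [t.lower() for t in tokens]
    if "/interactive" not in lowered:
        return None
    rest = tokens[lowered.index("/interactive") + 1:]
    # Skip any further switches (such as /every: or /next:) to reach the command.
    while rest and rest[0].startswith("/"):
        rest = rest[1:]
    return " ".join(rest)

def system_shell_from_svchost(event):
    """True for cmd.exe running as SYSTEM with svchost.exe as its parent."""
    user, parent, image, _ = event
    return (user.upper() == "SYSTEM" and parent.lower() == "svchost.exe"
            and image.lower() == "cmd.exe")

def scan(events):
    """Return (index, rule, detail) tuples; these are leads to review, not proof."""
    findings = []
    for i, event in enumerate(events):
        job = interactive_at_job(event[3])
        if job is not None:
            findings.append((i, "at-interactive", job))
        if system_shell_from_svchost(event):
            findings.append((i, "system-shell", event[3]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Correlating an "at-interactive" hit with a "system-shell" hit about a minute later on the same host is a much stronger signal than either rule alone.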