passivemode.net — Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and its kernel.
Sep 22, 2006
cgseller Sep 22, 2006
This is old. This was made public like 6 months ago was it not ??
repruhsent Sep 22, 2006
Sounds like you need a clue. I'll be the one to give it to you:
You NEED admin rights to use this "exploit," so your totally l337 h4X is stupid and totally useless.
tvashtar Sep 22, 2006
This one time, at band camp...
dimensio Sep 22, 2006
"Actually you most places still allow access to command.com if you can get in there the at command still works."
A competent administrator will not allow users to run as Administrator-level accounts. The "at" command cannot be used by non-Administrators.
pyrophite Sep 22, 2006
"Open calc.exe thru accessories on start menu...click help topics...click on ?icon on the top left next to the word "calculator"...select jump to url...enter 'file:///c:/windows/system32/cmd.exe'....click open"
does the same thing
krinthekuz Sep 22, 2006
what most of you do not realize is that a real IT admin could use this to help lock down machines where users must have admin rights (bc of some stupid managerial policy). granted, this is security in obscurity which is not reliable, but is proven effective against people who don't know what they're doing (which is like 99% of all users).
anyone who has worked in IT knows that stupid users (read: 99% of people) with admin rights do stupid things not out of malice, but out of not knowing better. this can be used as a tool to prevent users from doing many things.
the problem is when an admin relies on this as a security measure rather than an efficiency measure.
jetfire Sep 22, 2006
@jackcall Unfortunately, we have to let people run as local Admin level for most of our programs to work. That is one reason Vista is looking good is because you can actually lock down a machine and still use it. Hell today I just had to upgrade a user to Admin level from Power User to run a new program.
noclip Sep 22, 2006
Open notepad, paste it in, save as a batch file, run the batch file as any user.
grumpyrain Sep 23, 2006
why does this rubbish get dugg?
EVIL MS DID BAD = +1 Digg?
----
C:\Documents and Settings\Grumpyrain>at 12:21 /interactive "cmd.exe"
Access is denied.

C:\Documents and Settings\Grumpyrain>
----
Just as I (or pretty much anyone else familiar with how Windows works) suspected.
It is sad that the author carries on building his argument, even after it is proven that his foundation is screwed. It is even sadder that over 500 people seem to think it is an article deserving to be dugg.
/Inaccurate
veeru2neo Jul 10, 2007
Hi Guys, I am not able to view the thread. When I click on it, it is redirecting me to the following site:
http://passivemode.net/updates/2006/6/5/windows-xp-privilege-escalation-exploit.html
I am not able to find where the trick is.
Please help!!!!!
ggxtreme Nov 19, 2007
While this is useless (since you need administrator privileges in the first place), it's still technically an exploit, because Microsoft did not intend to allow privilege escalation to SYSTEM in the first place.
joshuaau Apr 29, 2009
1. I know it's a dead post but...
Oh, and i didn't read the article, but am familiar with the technique...
Just a comment to all those who criticise...
First. It is an exploit, as GGXtreme et al. state.
Any elevation of privileges beyond the design of the os is an exploit.
MS never intended the OS to work like that.
And system is far higher than admin on an xp box.
yes, you'll need admin account to do it.
I find it extremely useful when a virus has removed access to files, folders, under system you'll never see that PITA "access denied" error when you try to access a file/folder.
File system permissions are history under system account.
And yes i know i can reset sec permissions using secedit etc.
It's also nice (and quite surprising the first time), to see the pc login under the system account, and up comes the usual xp new user crap like "configuring your desktop...etc
to do it
run the AT command from the command prompt
schedule cmd.exe for a minute's time to run interactively.
eg "AT 10:54 /interactive cmd.exe"
when that cmd prompt pops up, open task manager, then kill explorer.
then, from within the command prompt, type explorer
and voila, you've just logged in as the system account.
options abound from there...
I'm not an admin, but i remove viruses from several pcs a day.
I would frequently be backing up data and coming across access denied regularly, or trying to kill viral dlls, etc.
Or doing that dreaded copy of all files from within windows, hit one error and start again...
not under system
One last thing... MSconfig shows LOTS more startup items...
i guess every critical windows startup file.
BE CAREFUL under system account, you can do a lot more damage if you stuff up.
(i personally wouldn't touch those extra msconfig items, or your system may not work again)
It can also see all registry keys, and contents of...
oh, except for the two ultra hidden keys.
Hope this info helps someone.
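A defender-side check for the `at ... /interactive` command lines quoted in the comments above, as an added example that is not part of the original thread: it parses process command lines and reports `at` jobs scheduled to run interactively. The event tuples, account names and function names are constructed for illustration, and the command lines are assumed to come from whatever process-creation telemetry you already collect.

```python
import re
import shlex

# First token must be at / at.exe, bare or with a path (not "chat", "format", ...).
AT_BINARY = re.compile(r"(?:^|[\\/])at(?:\.exe)?$", re.IGNORECASE)
CLOCK = re.compile(r"^\d{1,2}:\d{2}$")

def parse_at_job(command_line):
    """Return the fields of an at job, or None if the line does not schedule one."""
    try:
        # posix=False keeps Windows backslashes and quoted tokens intact.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        tokens = command_line.split()
    if not tokens or not AT_BINARY.search(tokens[0].strip('"')):
        return None
    job = {"time": None, "interactive": False, "program": None}
    for tok in tokens[1:]:
        if tok.lower() == "/interactive":
            job["interactive"] = True
        elif job["time"] is None:
            if CLOCK.match(tok):      # tokens before the time are ignored
                job["time"] = tok
        elif not tok.startswith("/"):  # first non-switch after the time
            job["program"] = tok.strip('"')
            break
    return job if job["time"] else None

def flag_interactive_jobs(events):
    """events: iterable of (account, command_line). Report interactive at jobs."""
    findings = []
    for account, command_line in events:
        job = parse_at_job(command_line)
        if job and job["interactive"]:
            findings.append((account, job["time"], job["program"]))
    return findings

# Constructed sample events (account, command line); not real log data.
SAMPLE_EVENTS = [
    ("HOST\\helpdesk", r'at 12:21 /interactive "cmd.exe"'),
    ("HOST\\helpdesk", r"AT 10:54 /interactive cmd.exe"),
    ("HOST\\backup", r"C:\WINDOWS\system32\at.exe 23:00 /every:M,T,W backup.cmd"),
    ("HOST\\user", r"cmd.exe /c chat 10:00 /interactive"),
]

if __name__ == "__main__":
    for finding in flag_interactive_jobs(SAMPLE_EVENTS):
        print("interactive at job:", finding)
```
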
drvitoti Nov 28, 2009
Hey, is there any way to reverse it? I did it to try if it worked and now I can't get back to normal....