xisto Community
ruijie

Windows Scheduler Can Elevate User Rights.


Running the Windows Scheduler from a command prompt can elevate a user's rights.

1. Type command in the Run box.
2. Type at (timeafter1minhere) /interactive cmd.exe (For example: the SYSTEM CLOCK shows 8:42PM. I would type the time in the 24 hr format, like this: at 20:43 /interactive cmd.exe)
3. When the system clock goes to the next minute, another command prompt will appear. Don't close the first command prompt; open up the task manager. Go to the processes tab, click on explorer.exe and end that process. The taskbar and desktop will disappear. Do not panic! This is normal.
4. Type explorer.exe in the second command prompt. When you start any programs, you will be shown that you are currently logged in as NT AUTHORITY\SYSTEM when you click on the processes tab in task manager or click on the start button. Now you have higher rights than administrator!

EDIT: Take note of STEP 3. Do NOT close the first command prompt if you want your original account back quickly. You should be able to get back your original account after restarting your computer unless you did something wrong.

Getting your account back without restarting your computer: Don't close the first command prompt. After messing around with your System account, open task manager again, end explorer.exe and then go to the first command prompt. Type explorer.exe, which launches the shell. Your login name should now be changed to your original name, instead of System. The reason is that the 1st command prompt is still running under your name, because you started it before you changed your account name to System. When you run explorer.exe, it follows the user who started the command prompt. If you closed the command prompt, just restart your computer to get back to your original user account.

Edited by ruijie (see edit history)
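From the defender's side, what the post above describes is a scheduled task created by an ordinary user that runs as SYSTEM and launches a shell. On systems with scheduled-task auditing enabled, task creation is logged as Windows Security event 4698 ("A scheduled task was created"), which carries the creating account (SubjectUserName), the task name (TaskName) and the full task definition XML (TaskContent). The following Python script is an added example, not code from the original thread: it parses constructed 4698-style records and flags tasks whose principal is the SYSTEM account and whose action starts a command interpreter. The three sample records are constructed for this example and are not captured from a real machine; the "At<N>" task name mirrors the naming that at.exe jobs commonly get.

```python
import ntpath
import xml.etree.ElementTree as ET

# Interpreters whose launch as SYSTEM from a user-created task is worth a look.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Ways the SYSTEM principal shows up in task XML (SID or name, case-insensitive).
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}

TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"

# Constructed sample records in the shape of event 4698 fields (not real events).
SAMPLE_EVENTS = [
    {
        "SubjectUserName": "alice",
        "TaskName": "\\At1",
        "TaskContent": f"""<Task xmlns="{TASK_NS}">
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>cmd.exe</Command></Exec></Actions>
</Task>""",
    },
    {
        "SubjectUserName": "svc_backup",
        "TaskName": "\\NightlyBackup",
        "TaskContent": f"""<Task xmlns="{TASK_NS}">
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\\Tools\\backup.exe</Command></Exec></Actions>
</Task>""",
    },
    {
        "SubjectUserName": "bob",
        "TaskName": "\\CleanupTemp",
        "TaskContent": f"""<Task xmlns="{TASK_NS}">
  <Principals><Principal id="Author"><UserId>S-1-5-21-1000-2000-3000-1105</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\\Windows\\System32\\cmd.exe</Command>
    <Arguments>/c del /q %TEMP%\\*</Arguments></Exec></Actions>
</Task>""",
    },
]


def _local(tag):
    """Strip the XML namespace so element matching does not depend on it."""
    return tag.rsplit("}", 1)[-1]


def _texts(root, name):
    """Collect the text of every element with the given local name."""
    return [e.text.strip() for e in root.iter() if _local(e.tag) == name and e.text]


def analyze_task(event):
    """Return a finding for a SYSTEM task that launches a shell, else None."""
    root = ET.fromstring(event["TaskContent"])
    runs_as_system = any(u.lower() in SYSTEM_IDS for u in _texts(root, "UserId"))
    # Compare on the executable's basename so full paths and bare names match alike.
    commands = [ntpath.basename(c).lower() for c in _texts(root, "Command")]
    shells = [c for c in commands if c in SHELLS]
    if runs_as_system and shells:
        return {
            "task": event["TaskName"],
            "created_by": event["SubjectUserName"],
            "command": shells[0],
        }
    return None


def scan(events):
    """Run analyze_task over a batch of 4698-style records and keep the hits."""
    return [f for f in (analyze_task(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"SYSTEM shell task {finding['task']} created by "
              f"{finding['created_by']} runs {finding['command']}")
```

Event 4698 is only written when the "Other Object Access Events" audit subcategory is enabled, so that policy is the prerequisite for this check; the backup task in the sample shows why the rule keys on the launched executable rather than on the SYSTEM principal alone, since legitimate maintenance tasks run as SYSTEM all the time.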


I tried this out and noted one difference. Rather than gaining the id of NT AUTHORITY\SYSTEM, it was simply SYSTEM, although this could depend on which version of Windows is running. This can be a minor security threat, but really only if you let computer savvy people you don't trust use your computer. It would be very difficult to exploit via a network. And it is possible to disable access to the command prompt for users without certain privileges, which prevents them from gaining more rights.
~Viz


This is a security threat. It should be reported.

However, I cannot get my user account back to normal Administrator status now. HELP!!! Do not try this unless you want to be stuck in a weird user account. I am now stuck and might have to create a new user! You should have warned people first.


I tried this out and noted one difference. Rather than gaining the id of NT AUTHORITY\SYSTEM, it was simply SYSTEM, although this could depend on which version of Windows is running. This can be a minor security threat, but really only if you let computer savvy people you don't trust use your computer. It would be very difficult to exploit via a network. And it is possible to disable access to the command prompt for users without certain privileges, which prevents them from gaining more rights.
~Viz


In the Processes tab and start menu, it shows System, but if you run the GUI Task Scheduler, your user name is not \\Computernamehere\System, but NT AUTHORITY\SYSTEM, and if you end one of the svchost processes (the remote procedure call one), which runs as system, it will show a shutdown dialog box initiated by NT Authority\System. Quickly open the run box and type shutdown -a to abort the shutdown.


I did restart the system. My user account is back to my name now, but the privilege has not returned to normal. Also, the frequently used programs on the Start Menu are cleared and don't work anymore; no programs appear there now except my Internet Browser and Email Client. Any tips on how to fix this?
