Follow us on Twitter!
Don't judge the unknown - Grindordie
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 23
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles

A different way of getting system

Arrow Image This is a different method of becoming system.
It creates a service that can be called repeatedly and quickly.



This is something I discovered and thought some of you might find useful. It\'s not really a hack, just a bit of convenience.
By now, most people are familiar with the \'system\' trick in XP. I use it frequently. Whether there are stubborn processes
that won\'t end, files that won\'t delete, or you\'re just bored; there are plenty of reasons to use it.

For those that don\'t know, you can get access to this by typing the following in the command prompt:

at xx:xx /interactive \"cmd.exe\"

xx:xx would be the time you specify cmd to run.

From there you can jump between shells, whether it\'s different instances of explorer
or some other shell of your choosing. This pretty much gives you unrestricted access to
everything on that pc.

The inconvenience is that you have to wait till whatever time you set it for.
If you enter a time that has already passed, you have to wait until the following
day for that task to run. Otherwise you need to give yourself probably about a
one minute window. Plus, you have to do this each time you want to get access
as system.

Not a difficult task but there is another way.

If you create a service, you can accomplish the same thing, skip the hassle
and the wait.

Intitially, I tried:

sc create mysvc binpath= \"cmd\" type= own type= interact

That didn\'t work. The service, essentially, times out.
This is because SCM has to establish a channel through the RegisterServiceCtrlHandler API
to pass commands to the service. Another issue is that there are no service related codes within the executable.
Because of this the service fails to start and produces an error code of 1053. In short, the window simply dies.

The solution is to launch another instance of cmd, so that even when the first instance closes,
the second remains and allows commands to be run as system. This is done with the /k switch and start.
Start by itself will launch a separate instance of cmd. The switch /k executes the command issued by the string
(in this case it opens cmd) and continues.

Now I create the service with the switch and start:

sc create mysvc binpath= \"cmd /K start\" type= own type= interact


This time the service will open cmd then start. Start opens another instance of cmd.
You can now call the service when you need it:

sc start mysvc

This will open cmd and let you run commands as system.

Comments

Uber0non February 04 2008 - 06:47:35
Interesting, I've never thought of that before Smile
Mouzion February 04 2008 - 07:47:56
I'm not that familiar with XP so this may be a stupid question, but can you create the service on an administrator account and then call it later with a limited account?
Uber0non February 04 2008 - 17:55:30
Mouzi: You simply do it from the command line (or manually in the registry). http://www.theeld. . .ows_xp.htm
Mouzion February 05 2008 - 14:49:08
Actually I know how it's done. I just wanted to know if it works over accounts (especially from admin to limited).
Uber0non February 05 2008 - 17:33:08
Okay, yes I'm quite sure it works. You may not even have to be admin in order to add the service ^^
daiianion February 07 2008 - 21:56:26
Sounds nice Smile
Skunkfooton February 08 2008 - 05:39:11
awesome dude, I've been waiting for someone to write another article about getting SYSTEM Smile (and I didn't know this one...thanks Smile)
mikispagon February 13 2008 - 16:49:27
I'm pretty sure that adding a system service in XP/Vista requires administrative privileges (default settings). Anyway, very good article! Smile
korgon February 18 2008 - 15:04:16
A shortcut is all it really is, Not gonna get you admin or anything. decent article as far as content and structure.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.