View Full Version : How to get SYSTEM privileges in Windows



Devilfish
13th February, 2008, 07:11 PM
If you open your task manager (ctrl + alt + del) and look at the processes, you will notice that different processes are being run by different users. Some of these processes will be the user you are logged in as, some are local services, network services, and some are run by the system. Now try ending a process run by the system. You will get an error saying access denied. What does this mean? It means that even though you may be admin, you are not the most privileged user on your computer; the system is. Once we become the system, we will be able to access ANY folder, registry entry, etc., but you will also be able to kill any system task, which can be antivirus, VNC, DeepFreeze, etc.
http://blog.transitcpu.com/wp-images/spiral.jpg
How do we do it?
Alright, the Windows task manager ends programs and processes, but what most people don't know is that it can also start them. It starts the new processes under the user it is being run by. You can see this by looking at the taskmgr.exe process; it is being run by you. So in order to start processes as system we must start the task manager as system, and once we do that we can start a new explorer.exe process which will give us full access to ANYTHING. In order to start the task manager under system we must use the Windows scheduler. The scheduler is a built-in Windows program that allows you to run any program at any time.

1. Hit Start -> Run
2. Type "at XX:XX /interactive taskmgr" in the box (without the quotes), where XX:XX is the time one minute ahead of the clock, but in military time. So let's say that it is 4:15 pm. You would type 16:16
3. When 4:16 comes around the task manager will open. What is different? It is now being run by the system; you can check this in the process tab.
4. Kill the explorer process
5. Click File -> New Task and in the box type explorer.exe
6. Your windows should now start loading up again
7. Once it does, look at the user who is logged in at the start menu... SYSTEM. Look at explorer.exe in the task manager... SYSTEM

You now have full access to the computer to do whatever the hell you want.
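
The steps above, scripted as an added example (this is not the original poster's code): it schedules the interactive job with at.exe, waits for the minute to come around, and then checks which account taskmgr.exe is running under through WMI instead of reading the Task Manager column by eye. It assumes Windows XP or Server 2003 with PowerShell installed, run from an Administrator account (at.exe needs admin rights to create jobs) with the Task Scheduler service ("Schedule") available. Get-ProcessOwner is a helper written here, not a built-in. Two caveats a reader should know before trying it elsewhere: from Vista onward, session 0 isolation means a scheduled interactive job runs on a desktop you cannot see, so the SYSTEM Task Manager never appears in front of you, and on Windows 8 and later at.exe is deprecated and only tells you to use schtasks. The explorer.exe swap in steps 4 to 6 is deliberately left to the GUI, because the new explorer only gets the SYSTEM token if it is started from the SYSTEM Task Manager, not from your own shell.

```powershell
# Added example, not from the original post. Reproduces the at /interactive
# trick and verifies the result. Assumes XP / Server 2003, PowerShell 2.0,
# an Administrator account, and the Task Scheduler ("Schedule") service.

# at.exe hands jobs to the Schedule service, which runs as LocalSystem; that is
# the only reason the spawned taskmgr.exe ends up owned by SYSTEM. If the
# service is stopped the job is queued but never fires.
$svc = Get-Service -Name Schedule
if ($svc.Status -ne 'Running') { Start-Service -Name Schedule }

# at.exe schedules to the minute in 24-hour form, so aim for the next minute.
$target = (Get-Date).AddMinutes(1)
$runAt  = $target.ToString('HH:mm')
Write-Host "Scheduling taskmgr.exe to start as SYSTEM at $runAt"

# /interactive puts the job on the console desktop instead of running it hidden
# (this is the part session 0 isolation breaks on Vista and later).
at.exe $runAt /interactive taskmgr.exe

# The job fires at the start of the target minute; sleep past it with some slack.
$wait = ($target - (Get-Date)).TotalSeconds + 5
Start-Sleep -Seconds ([int][math]::Max(1, $wait))

# Helper defined here: Win32_Process.GetOwner() reports the account a process
# runs under, the same information as the User Name column in Task Manager.
function Get-ProcessOwner([string]$name) {
    Get-WmiObject -Class Win32_Process -Filter "Name = '$name'" | ForEach-Object {
        $o = $_.GetOwner()
        New-Object PSObject -Property @{
            Pid   = $_.ProcessId
            Name  = $_.Name
            Owner = "$($o.Domain)\$($o.User)"
        }
    }
}

# Expect at least one taskmgr.exe owned by NT AUTHORITY\SYSTEM alongside any
# owned by your own account.
Get-ProcessOwner 'taskmgr.exe' | Format-Table Pid, Name, Owner -AutoSize

# After doing steps 4 to 6 from the SYSTEM Task Manager window, run this again
# to confirm the new shell inherited the token:
# Get-ProcessOwner 'explorer.exe'
```

If the scheduled Task Manager never shows up, check the queued job with a bare at.exe (it lists pending jobs) and the service state with Get-Service Schedule before assuming the trick itself failed.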

vishybaby
15th April, 2008, 11:53 AM
Works well with XP.. tried and tested

sed
27th April, 2008, 05:38 PM
hmm, you learn something new everyday. cheers for that.

violentj
27th April, 2008, 08:43 PM
thanks kaos, I've finally managed to delete the last dregs of a previous install with this, cheers

quark01
18th June, 2008, 03:37 PM
Very good, just tried it and it worked, thanks

gizmo.1484
8th August, 2008, 10:38 PM

Just tried this as I needed to delete something, but now my PC is running really slow when I start it up. Would this cause my PC to run slow on start-up, or could it be something else?