The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Rehash: Nice Admin Exploit in XP

Posted by Xavier Ashe on August 1, 2006

This exploit is rather old, but I really love the step-by-step demonstration of it in this video that I was sent by reader BB.

Summary:

  • Log in to your XP box as a non-privileged user.
  • Open up a command window (run cmd.exe).
  • In that command window, have the system scheduler launch another command window (at 20:00 /interactive "cmd.exe").
  • When the new window opens, kill explorer.exe in Task Manager.
  • Open explorer.exe.
  • Congrats, you're now running as the system user – you have more power than 'Administrator'!

WARNING: THIS VIDEO HAS AUDIO THAT IS NOT 'WORK SAFE'. YOU MAY WANT TO TURN YOUR VOLUME OFF NOW!

Here's the video. Grab some coffee and enjoy!

From A Day in the Life of an Information Security Investigator.
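
One way a defender could spot the sequence summarized above in process-creation records, as an added example that is not from the original post or the video: it flags at jobs scheduled with /interactive and desktop programs running as SYSTEM. The pipe-delimited record layout, the host and user names, and the rule names are assumptions constructed for illustration.

```python
import re

# Constructed process-creation records: time|user|image|command line.
# The pipe-delimited layout is an assumption for this example, not a real tool's format.
SAMPLE_EVENTS = r'''
19:58:02|XPBOX\bob|cmd.exe|cmd.exe
19:58:40|XPBOX\bob|at.exe|at 20:00 /interactive "cmd.exe"
20:00:00|NT AUTHORITY\SYSTEM|cmd.exe|cmd.exe
20:00:31|NT AUTHORITY\SYSTEM|taskmgr.exe|taskmgr.exe
20:01:10|NT AUTHORITY\SYSTEM|explorer.exe|explorer.exe
20:05:00|NT AUTHORITY\SYSTEM|svchost.exe|svchost.exe -k netsvcs
07:30:00|XPBOX\admin|at.exe|at 02:00 /every:M "backup.cmd"
'''

SYSTEM_ACCOUNT = r"nt authority\system"
# Programs from the steps above that normally run as the logged-on user.
DESKTOP_IMAGES = {"cmd.exe", "taskmgr.exe", "explorer.exe"}
# The /interactive switch as a standalone token, in any case.
INTERACTIVE_SWITCH = re.compile(r"(?:^|\s)/interactive(?:\s|$)", re.IGNORECASE)


def parse_events(text):
    """Yield (time, user, image, cmdline) for each well-formed record."""
    for line in text.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) == 4:  # skip blank or malformed lines
            yield tuple(parts)


def find_alerts(text):
    """Return (time, rule, image) for records matching either indicator."""
    alerts = []
    for time, user, image, cmdline in parse_events(text):
        image_lc = image.lower()
        if image_lc == "at.exe" and INTERACTIVE_SWITCH.search(cmdline):
            alerts.append((time, "AT_INTERACTIVE", image_lc))
        elif user.lower() == SYSTEM_ACCOUNT and image_lc in DESKTOP_IMAGES:
            alerts.append((time, "SYSTEM_DESKTOP_PROCESS", image_lc))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(*alert)
```

A SYSTEM-owned cmd.exe can also come from legitimate services, so the second rule is a prompt for review rather than proof on its own.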

No Responses Yet to “Rehash: Nice Admin Exploit in XP”

  1. Anonymous said

    Jesus, you consider this news? This is well known since the existence of XP. HINT: You can do it _remotely_

  2. Anonymous said

    Not news, but a good reminder. It's been a while since I've had to use something like this since the Sysinternals tools became so useful. I used to use it to get system level access to processes.
