This exploit is rather old, but I really love the step-by-step demonstration of it in this video that I was sent by reader BB.
- Log in to your XP box as a non-privileged user.
- Open up a command window (run cmd.exe).
- In that command window, have the system schedule launch another command window (at 20:00 /interactive "cmd.exe").
- When the new window opens, kill explorer.exe in Task Manager.
- Open explorer.exe.
- Congrats, you're now running as the SYSTEM user, which has more power than 'Administrator'!
WARNING: THIS VIDEO HAS AUDIO THAT IS NOT 'WORK SAFE'. YOU MAY WANT TO TURN YOUR VOLUME OFF NOW!
Here's the video. Grab some coffee and enjoy!