JSI Tip 4828. Freeware application opens a CMD prompt in the System account context.


To open a CMD prompt in the System account context, download and install CMDasSYS.exe in LocalSystem.zip.

The readme contains:

****************************************************************
****************************************************************
***        Copyright (c) 2001 by -=Assarbad \[GoP\]=-          ***
***       ____________                 ___________           ***
***      /\   ________\               /\   _____  \          ***
***     /  \  \       /    __________/  \  \    \  \         ***
***     \   \  \   __/___ /\   _____  \  \  \____\  \        ***
***      \   \  \ /\___  \  \  \    \  \  \   _______\       ***
***       \   \  \ /   \  \  \  \    \  \  \  \      /       ***
***        \   \  \_____\  \  \  \____\  \  \  \____/        ***
***         \   \___________\  \__________\  \__\            ***
***          \  /           /  /          /  /  /            ***
***           \/___________/ \/__________/ \/__/             ***
***                                                          ***
****************************************************************
****************************************************************

PURPOSE AND INFORMATION:
------------------------
CMDasSYS will invoke an instance of the NT command processor
CMD.EXE under SYSTEM account. That is under highest
permissions on the local machine but almost no permissions on
the network.
If you want to play - try to read any registry key (as the
protected SAM) it will succeed.
The service is no more interactive. It does its job on the
same desktop and winsta from which CMDasSYS has been started.

USED TECHNIQUES:
----------------
This version installs itself as a Windows NT Service and starts
the command processor from within this service - that is,
from within SYSTEM account (LocalSystem context).
Needed are the privileges to install and start a service.

-> Windows 2000 (+later) user: Note, that the SYSTEM account
won't know your hash, so if you store the program in an
encrypted directory, the service cannot be started ;)

COPYRIGHT AND RESTRICTIONS:
---------------------------
There are no restrictions for reusing source and binary. You may
use it commercially and private ...

The only limitation is don't remove the copyright signature from
the source files.

\[GoP\]

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish