Local Privileges Escalation in WinXP
Did you know that you can become the SYSTEM user on a WinXP box simply by using the at command? Try this at home:
at 11:45pm /interactive cmd.exe
You just scheduled a job that will pop up a new cmd window exactly at 11:45pm. Who is the parent of this window? Why SYSTEM of course. But we are not done yet.
Have the new cmd window up? Good. Now kill explorer.exe using the Task Manager. Yes, just kill it! Keep the new cmd window open though. Use it to run explorer again by typing in explorer.exe. Done!
You are now logged in as SYSTEM. You can now go ahead and do all the nifty admin things that you always wanted to do but your IT department wouldn’t let you.
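As an added example (not part of the original post), here is the defender's side of the same trick: a small Python scanner that flags the two process-creation events it leaves behind, a cmd.exe spawned by the scheduler service as SYSTEM and an explorer.exe running as SYSTEM (a desktop shell normally runs as the logged-in user). The log format and sample records are constructed for this example, and the set of scheduler host process names is an assumption.

```python
import ntpath

SYSTEM_USER = r"NT AUTHORITY\SYSTEM"
# Processes that host the Task Scheduler service on XP-era systems
# (svchost.exe netsvcs group; mstask.exe on Windows 2000). Assumption.
SCHEDULER_HOSTS = {"svchost.exe", "mstask.exe"}

# Constructed sample records, not real logs. Loosely modelled on Windows
# process-creation auditing: timestamp | image | parent image | user
SAMPLE_LOG = r"""
2006-07-31 23:44:58 | C:\WINDOWS\system32\svchost.exe | C:\WINDOWS\system32\services.exe | NT AUTHORITY\SYSTEM
2006-07-31 23:45:00 | C:\WINDOWS\system32\cmd.exe | C:\WINDOWS\system32\svchost.exe | NT AUTHORITY\SYSTEM
2006-07-31 23:45:30 | C:\WINDOWS\system32\taskmgr.exe | C:\WINDOWS\explorer.exe | WORKSTATION\alice
2006-07-31 23:46:10 | C:\WINDOWS\explorer.exe | C:\WINDOWS\system32\cmd.exe | NT AUTHORITY\SYSTEM
2006-07-31 23:50:00 | C:\WINDOWS\system32\cmd.exe | C:\WINDOWS\explorer.exe | WORKSTATION\alice
"""


def parse_event(line):
    """Split one 'ts | image | parent | user' record into a dict (basenames lowered)."""
    ts, image, parent, user = (field.strip() for field in line.split("|"))
    return {"ts": ts,
            "image": ntpath.basename(image).lower(),
            "parent": ntpath.basename(parent).lower(),
            "user": user}


def find_system_shells(log_text):
    """Return (severity, timestamp, reason) alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["user"] != SYSTEM_USER:
            continue  # only SYSTEM-context shells matter for this pattern
        if ev["image"] == "cmd.exe" and ev["parent"] in SCHEDULER_HOSTS:
            alerts.append(("medium", ev["ts"],
                           "cmd.exe started by the scheduler service as SYSTEM"))
        elif ev["image"] == "explorer.exe":
            alerts.append(("high", ev["ts"],
                           "desktop shell explorer.exe running as SYSTEM"))
    return alerts


if __name__ == "__main__":
    for severity, ts, reason in find_system_shells(SAMPLE_LOG):
        print(f"[{severity}] {ts}: {reason}")
```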
You might get in trouble when they find out though. So, don’t go crazy with your newfound power.
If you still don’t believe me, here is a video that shows you how it’s done.
August 1st, 2006 at 2:12 pm
[…] In lieu of the privilege escalation hax I started to wonder what exactly do you need to do to lock down an XP Home machine. In XP pro you can use the group policies to limit what user can do on the local machine. Unfortunately, the home edition is missing gpedit.msc so we can only rely on registry hacks. […]