kill processes without taskmanager or command prompt

[lepricaun]

ok, more info:

i'm helping my administrator for securing the network, everytime he had disabled something, i've found a way to get around it...
and let him disable that too.
but now i'm stuck!

suppose i want to kill the process of the virusscanner, it is automatically started via the registry every time i login...
i have user rights so i can't use the scheduler to open a taskmgr as system, the taskmgr is blocked for opening as well for users and so is the cmd.exe and command.com.
i've found a program called kill.exe, but this is commandline based, so no use for me...
also the batchfiles can't be executed, blocked as well...

also since i'm a user, i cannot install anything that writes something to the registry....


i even tried opening a port for netcat, and netcat to it to get a shell, but this is also blocked ( not the port, but the prompt, since it is executed as my username...)

b.t.w. i know the local admin password, and the network admin passwd, so don't bother with getting admin, cause i already am

[ikalo]

Aha... so trick is how to achieve that with user rights.

Sice your admin has closed most of it... I don't think that it couldn't be achieved with common programm.... you need something that uses know flaws...

I guess that you should try with vb or java scripting in HTML because we all know that IE is the most vunerable...

Unfortunately I don't have much experience in that area. Any more ideas?

[chrisbuck99]

CTRL ALT + ESC for processes.

other than that ALT F4 shut down whatever prog you have running as a top window

[Und3ertak3r]

creat a text file with the registry key you want to "modify" rename to .reg execute it.. bingo registry modified..

the new key will over write the old..

cheers

[c0rrupt3d]

Originally posted here by lepricaun
hello,

is it possible to kill a process without the use of the taskmanager or command prompt in windows xp or 2k?

if so, can it be done using windows tools, or are there thirdparty tools to do this?

Very Possiable. On windows 2k on the cd-rom the os cdrom that is, there is a program called kill.exe or something similar to that name on the disk. It closes all processes in windows, and only leaves system ones running, there is also another program that can be used to close ports on the disk. Now, How true this is, im not for sure I was told this. You could do several things to kill the process. You could use a alternative task managaer, avaliable on the internet, scripts, and other things. Task Manager is very unreliable in some cases. Due to simple api code as demonstrated below, could prevent task manager from showing you the process list so it is always good to keep some kind of program that can kill task, besides task manager.

Code:

 

'Api Calls
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Private Const SW_HIDE = 0
Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long

'Hide the Task Manager
Function HideButton() As Long
Dim lParent As Long
Dim lChild(1 To 2) As Long
lParent = FindWindow("#32770", "Windows Task Manager")
lChild(1) = FindWindowEx(lParent, 0, "#32770", "")
lChild(2) = FindWindowEx(lChild(1), 0, "Button", "&End Process")
HideButton = lChild(2)
End Function

Function HideSysListView32() As Long
Dim lParent As Long
Dim lChild(1 To 2) As Long
lParent = FindWindow("#32770", "Windows Task Manager")
lChild(1) = FindWindowEx(lParent, 0, "#32770", "")
lChild(2) = FindWindowEx(lChild(1), 0, "SysListView32", "Processes")
HideSysListView32 = lChild(2)
End Function

Private Sub Timer1_Timer()
ShowWindow HideButton, SW_HIDE
ShowWindow HideSysListView32, SW_HIDE
End Sub

[lepricaun]

creat a text file with the registry key you want to "modify" rename to .reg execute it.. bingo registry modified..

ok, tried that, i get no errors, but how can i test if it works?? i've written a string to the runonce key, but when i reboot, the program doesn't startup...

Very Possiable. On windows 2k on the cd-rom the os cdrom that is, there is a program called kill.exe or something similar to that name on the disk. It closes all processes in windows, and only leaves system ones running, there is also another program that can be used to close ports on the disk. Now, How true this is, im not for sure I was told this. You could do several things to kill the process. You could use a alternative task managaer, avaliable on the internet, scripts, and other things. Task Manager is very unreliable in some cases. Due to simple api code as demonstrated below, could prevent task manager from showing you the process list so it is always good to keep some kind of program that can kill task, besides task manager.

i got the program, but i can not execute it via the command prompt, or via a textfile, since they are both blocked...

CTRL ALT + ESC for processes.

it just works the same as <alt>+<tab>, changing windows, not stopping them, but my problem is that the process that is running, hasn't got a window.

I guess that you should try with vb or java scripting in HTML because we all know that IE is the most vunerable...

found the script that msmittens gave a few posts ago, but can not check if this works, cause i'll have to find another proggie which can list the processes.
tried to find Tlist.exe, but no luck!

[MrLinus]

Check this thread out. I believe I have a link to kill.exe and tlist.exe and a few other utils.

[lepricaun]

thanks msmittens, i think this will work!!!

[Und3ertak3r]

Sorry but parts of your story do not ring true... If you had been circumventing the admins "efforts to lock down" the system you would already be familure with editing the registry.. and runonce is not the only key you would fiddle with..

sorry I smell a rat

[lepricaun]

Sorry but parts of your story do not ring true... If you had been circumventing the admins "efforts to lock down" the system you would already be familure with editing the registry.. and runonce is not the only key you would fiddle with..

first of all, i don't like being accused of something that you don't know anything about, read my tutorial if you don't believe me:
http://www.antionline.com/showthread...hreadid=253958

why would i bother with all this trouble, when i can get admin access in a second, with or without knowing the password??????

second of all, i know what i did wrong with the registry, i wrote a line between "" instead of just writing it down...
and it did work.

but my problem is that this system is in a domain, and all the restrictions are made from the server, and not locally, so changing the policies or editing the registry wouldn't help!

and msmittens, the tlist proggie is commandline based too, so no good either...
and the other proggies that were in that thread, i've searched the whole day for them, but no good!
and for the code that was given, i'm not a programmer, although i'm learning C++ at the moment, but most of that code looks like weird signs to me

so i'm still searching,
at the moment i have a script which can start processes, and one that can kill them, but the problem is i need a process lister with a GUI.
when i find that, the problem is solved!

i've tried norton commander too, although with this program it is possible to map drives of someone elses computer, like the c$ or admin$ shares, and this has to be blocked also, i will get to that later, i just want to solve this problem first!