|
-
April 7th, 2005, 05:20 AM
#1
 Logged on as SYSTEM on WinXP
okay, using regedit I navigated here:
HK_U\DEFAULT\Control Panel\Desktop
A String value named SCRNSAVE.EXE says logon.scr.
I went to C:\Windows\System32 and made a copy of cmd.exe, but called it cmd.scr.
Screensavers are EXE's with different extensions...so that was easy. I changed the value of SCRNSAVE.EXE to cmd.scr and changed ScreenSaveTimeOut to 30 (seconds).
Upon restarting the machine, the Welcome screen greeted me with the normal UI. I waited 30 seconds for the screensaver to start...when it did, cmd.scr started. I typed "explorer", and the Windows GUI came up, along with the desktop. There were four odd things though:
1) No password was needed.
2) The user on the Start menu was SYSTEM
3) There was a Windows Default Control Dialog (or something similar) on the taskbar, but not visible.
4) Much of Windows DIDN'T work correctly. Many dialogues responded with very odd side effects, the Start menu items didn't do much, same as Control Panel. I had to right click on the taskbar to open task manager, but I still couldn't end processes started by SYSTEM.
Anyone else done this? If so, any way to get the dialogues to work correctly, and have apps up and running?
A_T
[EDIT]
I just thought of this....this isn't a joke. I'm aware that many times "much of Windows doesn't work correctly", and that "many dialogues respond with very odd side effects".
[/EDIT]
Geek isn't just a four-letter word; it's a six-figure income.
-
April 7th, 2005, 08:45 AM
#2
What on earth were you trying to achieve?
There were four odd things though:
No  you have buggered with the security and intended functionality of Windows. What you have done is replace the password prompt with the command line.
1. You have replaced it with the command line
2. System runs the command line when you start it this way.
3. System lives inside the box and cannot see the screen (.............it is dark in there....... )
4. Hardly surprising as you are running from command line without giving the right instructions?
Try removing the password required function from the screensaver? that is probably confusing the poor thing?
just a few wild guesses 
-
April 7th, 2005, 09:11 AM
#3
This is a really old 'trick' to break into a windows system.
And yours isn't going to work. You need to change the default screensaver to cmd.exe OR copy cmd.exe over logon.scr.
But try doing this as a regular user instead of an admin account.... You're already an admin so you have all the power to ***** up the system..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 7th, 2005, 03:02 PM
#4
well, i figured out i can also just change the screensaver to cmd.exe, I don't have to rename anything. But it screws up either way. And I'm not sure what nihil means....I didn't replace the password dialogue, I replaced the screensaver...cuz I can type exit at that prompt and probably go right back to the dialogue. And what incorrect instructions did I give to the system?
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
April 7th, 2005, 03:09 PM
#5
I replaced the screensaver
A normal user isn't able to do this. This means you already have all privileges needed to do anything on that machine...
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 7th, 2005, 03:26 PM
#6
I assumed that SYSTEM privi's would allow me to end processes created by SYSTEM, but Task Manager didn't work correctly for some things, and still told me that they were critical system processes. Also, I assumed that NT_AUTHORITY/SYSTEM couldn't "authorize" a shutdown if I typed "tskill *" in the Run box, but I couldn't open Run.
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
April 7th, 2005, 03:54 PM
#7
I changed the value of SCRNSAVE.EXE to cmd.scr
Which means that you did replace the password dialogue with the command prompt. 
As System has not exited cleanly it is still around holding certain files and processes open. Most of your instructions would therefore be incorrect because System hasn't finished.
What exactly are you trying to achieve?
-
April 7th, 2005, 04:49 PM
#8
I wasn't trying to achieve anything until I actually did it. Now I want to "be SYSTEM"...meaning I have complete control/access...above Admin. No reason, just toying with Windows.
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
April 7th, 2005, 09:14 PM
#9
well if you want to "be system" why dont you look up the tutorial white_scorpion (I am pretty sure it was him anyway) posted on how to "be system". only he does it from guest if i am not mistaken.
-
April 7th, 2005, 09:42 PM
#10
This is actually part of the old trick to reset a forgotten Admin password in Win2k/XP. The process is as follows:-
1. Boot to the OS CD-ROM
2. Install new version of the OS in a different folder than the original, eg: c:\WINNT2
3. Boot to new OS
4. Copy cmd.exe over the screensaver
5. (I don't recall the exact details here) but you set the screensaver in the old system to start in 2 mins, (it's a registry thing I think).
6. Reboot to old OS log in as the restricted user
7. Wait till the cmd prompt opens
8. Issue the Net User command to reset the admin password to what you want, (details again lacking).
9. Logout - login as admin
10. Delete new OS install
11. Tell all your buddies what a 1337 H4x0r j00 |2
Physical access is required of course....
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
