-
October 21st, 2007, 06:47 PM
#11
Originally Posted by jockey0109
Yes, as far as the %systemroot%\SoftwareDistribution is concerned about it, I was aware about it (had applied updates to a newly installed OS copy from that of an already existing one on the same machine). Now, yes that's the way update takes place. I did not know about the BITS (thanks for that). But my intention was not to tell him that how Windows update takes place in particular. Since he asked about a backdoor, I thought it would have been better to tell about the system account.
That's not the way you hack into your SYSTEM account. Yes, the at command can be used to run programs with SYSTEM privileges but you cannot start a program which has visible windows and dialogue boxes to operate normally with SYSTEM account.
That's as per my experience. Tell me if anyone else has got a success in running it that way! I would like to know HOW!!!
I was just trying to elaborate on what you had said about Windows Update. In this instance, it is important to tell them how Windows Update works and which services/programs are involved. I was explaining how Windows Update works so they can understand that it is a normal system function and not some backdoor.
BTW: You can run a program as SYSTEM that has visible windows, etc.
Do the following.
Log on as admin, or "run as" the command prompt as admin.
Make sure the task scheduler is running.
Create a task using the at command to start taskmgr one minute from your current time.
at 13:48 /interactive taskmgr
(you have to change the 13:48 to be whatever is one minute past your current time)
One minute later, it will open the task manager. If you look at processes, it will be running as SYSTEM. From there, you can use the new task button under the applications tab to start any program under the same SYSTEM privileges. Whatever you want. cmd, Internet Explorer, Firefox, whatever. As you know, all those programs have visible windows.
Last edited by phishphreek; October 21st, 2007 at 06:59 PM.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
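A defender-side check for the steps phishphreek gives in post #11, added here as an example and not part of the original thread: it scans process-creation command lines for `at` jobs scheduled with `/interactive` and reports who created them and what they launch. The event tuples, user names and host name are constructed sample data.

```python
import ntpath
import re
import shlex

# Constructed sample events (user, command line); not taken from the thread.
SAMPLE_EVENTS = [
    (r"WORKSTATION\alice", r"at 13:48 /interactive taskmgr"),
    (r"WORKSTATION\alice", r"C:\WINDOWS\system32\at.exe 02:00 /every:M,T,W backup.cmd"),
    (r"WORKSTATION\bob", r'"C:\WINDOWS\system32\AT.EXE" \\HOST2 09:15 /INTERACTIVE cmd.exe'),
    (r"WORKSTATION\bob", r"notepad.exe C:\notes\at /interactive.txt"),
    (r"WORKSTATION\alice", r"at"),
]

TIME_RE = re.compile(r"^\d{1,2}:\d{2}([ap]m?)?$", re.IGNORECASE)

def tokenize(cmdline):
    """Split a Windows command line, keeping backslashes intact."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def inspect_at(cmdline):
    """Return details of an `at ... /interactive` job, or None if not one."""
    tokens = tokenize(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("at", "at.exe"):
        return None
    args = tokens[1:]
    if not any(a.lower() == "/interactive" for a in args):
        return None
    # Syntax: at [\\computer] time [/interactive] [/every:...|/next:...] command
    idx = 0
    while idx < len(args) and (args[idx].startswith(("\\\\", "/"))
                               or TIME_RE.match(args[idx])):
        idx += 1
    return {
        "target": next((a for a in args[:idx] if a.startswith("\\\\")), "(local)"),
        "time": next((a for a in args[:idx] if TIME_RE.match(a)), None),
        "command": " ".join(args[idx:]) or None,
    }

def find_interactive_jobs(events):
    """Return one finding per event that schedules an interactive AT job."""
    hits = ((user, inspect_at(cmd)) for user, cmd in events)
    return [{"user": user, **hit} for user, hit in hits if hit]
```
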
-
October 21st, 2007, 06:51 PM
#12
Well, lemme try, I have not tried it with taskmgr till now! I will get back soon (actually, VMware is what I will test it on .... who's gonna risk Windows!)
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
-
October 21st, 2007, 07:00 PM
#13
Hell yes, that was right! I did not know about the /interactive switch! Thanks for that... but still, some files like SAM are inaccessible! However the registry entry for SAM was open to be exploited!
But I noticed that the trick does not work if I log onto another account with admin privileges. It worked only when I used the account whose NAME is also administrator.
Last edited by jockey0109; October 21st, 2007 at 07:02 PM.
-
October 21st, 2007, 07:35 PM
#14
Hmm, not sure why. I created a new admin account. Then I renamed and disabled my default admin account. I'm running under a different SID altogether and just as an account in the admin group. Mine seems to work fine on both Windows XP PRO SP2 and Windows Media Center 2002 SP2.
I have a Vista Ultimate box here that I just started exploring. I'll have to see if you can do it with Vista too.
-
October 21st, 2007, 07:42 PM
#15
I was explaining how windows update works so they can understand that it is a normal system function and not some backdoor.
That is true, but there was a bit of a fuss a few weeks ago when the Updater updated itself without asking user permission, even if updates had been turned off.
-
October 22nd, 2007, 03:02 AM
#16
Now I am not using Windows much, but certainly, that was something I did not read anywhere else than AO (actually I go for a limited no. of sites due to time boundaries). And of course, that is a good thing .... only that it's good just for MS. And this should reduce the no. of pirated copies.
-
October 22nd, 2007, 02:02 PM
#17
Hi Jockey,
I posted this not long ago. It's an interesting read. Its link is there on the page
http://antionline.com/showthread.php?t=275939
-
October 22nd, 2007, 03:26 PM
#18
Off Topic//
I run ZoneAlarm on this box, and I updated it fairly recently... It now asks me for permission to go to the "mainframe" and see if there is an update.
I guess some outfits have taken a lesson from the very negative response that M$ got?
\\
-
October 22nd, 2007, 07:23 PM
#19
Hmmm... well, question is: did MS get it right? Now I seriously do not think that it was a real nice idea to get their software update itself despite the denial of permission by its own USER! MS talks everything about themselves and all that goes right with them but never about the rules that it breaks and specially those which were made and showcased by MS itself!