"Windows Automatic Update" or a backdoor

Quote:

---

Originally Posted by jockey0109

Yes, as far as the %systemroot%\SoftwareDistribution is concerned about it, I was aware about it (had applied updates to a newly installed OS copy from that of an already existing one on the same machine ;) ) Now, yes thats the way update takes place. I did not know about the BITS (thanks for that). But my intension was not to tell him that how Windows update takes place in particular. Since he asked about a backdoor, I thought it would have been better to tell about the system account.

Thats not the way you hack into your SYSTEM account. Yes, the at command can be used to run programs with SYSTEM privileges but you cannot start a program which has visible windows and dialogue boxes to operate normally with SYSTEM account.

Thats as per my experience. Tell me if anyone else has got a success in running it that way! I would like to know HOW!!!

---

I was just trying to elaborate on what you had said about windows update. In this instance, it is important to tell them how windows update works and which services/programs are involved. I was explaining how windows update works so they can understand that it is a normal system function and not some backdoor.

BTW: You can run a program as system that has visable windows, etc.

Do the following.

Log on as admin, or "run as" the command prompt as admin.
Make sure the task scheduler is running.

create a task using the at command to start taskmgr one minute from your current time.

at 13:48 /interactive taskmgr

(you have to change the 13:48 to be whatever is one minute past your current time)
one minute later, it will open the task manager. if you look at processes, it will be running as SYSTEM. from there, you can use the new task button under the applications tab to start any program under the same SYSTEM privledges. Whatever you want. cmd, internet explorer, firefox, whatever. As you know, all those programs have visible windows. ;)

Well, lemme try, I have not tried it with taskmgr till now! I will get back soon (actually, VMWARE is what I will test it on .... who's gonna risk WIndows!)

Hell yes, that was right! I did not know about the /interactive switch! Thanks for that... but still, some files like SAM are inaccessible! However the registry entry for SAM was open to be exploited!

but I noticed tht the trick does not work if I log onto another acount with admin privileges. It worked only when I used the account whose NAME is also administrator.

Hmm, not sure why. I created a new admin account. Then I renamed and disabled my default admin account. I'm running under a different SID all together and just as an account in the admin group. Mine seems to work fine on both Windows XP PRO SP2 and Windows Media Center 2002 SP2.

I have a vista ultimate box here that I just started exploring. I'll have to see if you can do it with Vista too.

Quote:

---

I was explaining how windows update works so they can understand that it is a normal system function and not some backdoor.

---

That is true, but there was a bit of a fuss a few weeks ago when the Updater updated itself without asking user permission, even if updates had been turned off. :eek:

Now I am not using the WIndows much, but certainly, that was something I did not read anywhere else than AO (actually I go for a limited no. of sitesdue to time boundaries). And of cours, that is a good thing .... only that its good just for MS. And this should reduce the no. of pirated copies.

Hi Jockey,
I posted this no long time ago.its interesting read.its link there on the page
http://antionline.com/showthread.php?t=275939

Off Topic//

I run ZoneAlarm on this box, and I updated it fairly recently............. It now asks me for permission to go to the "mainframe" and see if there is an update.

I guess some outfits have taken a lesson from the very negative response that M$ got? :D

\\

hmmm... well, question is: did MS got it right? Now I seriously do not think that it was a real nice idea to get their software update itself despite the denial of permission by its own USER! MS talks everythnig about themselves and all that goes right with them but never about the rules that it breaks and specially those which were made and showcased by MS itself!