-
I have a quick 3rd-party tool that I use. Actually, it's a collection. I'm sure many of you have heard of PSTools from www.sysinternals.com.
The tool "pskill.exe" kills processes at the command line, using the PID #. I use it mainly on production servers; it's very stable. Check it out.
-
Thanks Elliente, but I already have the tool, and it only works via the command line indeed, and that's just the problem!
This is another example of how limited GUIs are: there are so many tools to do this via the command line, but nobody knows a tool that has a graphical user interface!
That's just too bad! :(
-
OK, what you are after is an executable file that you can use in a GUI environment, that
1/ doesn't need installing, because of admin settings,
2/ doesn't need to run from the command line, again because of admin settings,
3/ will change certain registry settings outside the current admin settings.
True? Oh, and you want it to re-enable Task Manager at least, and preferably regedit and the policy manager tools? This is what you are after?
I say this because... try and remember all the keys and what they do in a Windows registry.
The first thing that is disabled for my system users is regedit, and Run, then Task Manager (boy, do I cop flak over that). Some hate me because they are unable to install software. Yeah, like I need Kazaa running on our network, or a porn dialer some dick accidentally downloaded while playing.
Now as for the tools..
I will get back to you..
Cheers
-
If such a tool existed, that would be perfect, Und3ertak3r!
But just the possibility of getting a process list would get me where I want to be too.
I'm glad you saw that I'm not planning on getting into the system illegally :)
'Cause I'm just here to learn, and NOT for destructive purposes; I hate that kind of guy!!
Another tip for you: disable the command prompt too, not only cmd.exe but also command.com and batch files!
That is, if it isn't done already :P
And Kazaa, yes, I can understand you wouldn't want it on your network!
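Und3ertak3r's list above (regedit, Run, then Task Manager) and the tip about also blocking cmd.exe and batch files all come down to a handful of per-user policy values in the registry. The script below is an added example, not something posted in this thread or shipped with any tool mentioned in it: it audits those values and can set or clear them in one go, for an admin who wants to see exactly what a user's session is restricted to. It assumes the standard Windows policy locations for these four restrictions and that it is run in (or against) the affected user's HKCU hive.

```powershell
# Added example, not from the thread. Audits and toggles the per-user policy
# values that hide Task Manager, regedit, the Run dialog and cmd.exe.
# Assumption: the standard Windows policy paths below; run in the target
# user's context (HKCU) with enough rights to write under the Policies keys.

$Policies = @(
    @{ Name = 'Task Manager'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableTaskMgr';       Disabled = 1 },
    @{ Name = 'regedit'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableRegistryTools'; Disabled = 1 },
    @{ Name = 'Run dialog'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoRun';                Disabled = 1 },
    # DisableCMD = 2 blocks only the interactive prompt and still lets .bat/.cmd
    # files run; 1 blocks both, which is what the tip in the thread asks for.
    @{ Name = 'cmd.exe + batch files'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Value = 'DisableCMD';           Disabled = 1 }
)

# Report, for each tool, the current value and whether it is actually blocked.
function Get-RestrictionState {
    foreach ($p in $Policies) {
        $current = $null
        if (Test-Path $p.Path) {
            $current = (Get-ItemProperty -Path $p.Path -Name $p.Value `
                        -ErrorAction SilentlyContinue).($p.Value)
        }
        [pscustomobject]@{
            Tool    = $p.Name
            Key     = "$($p.Path)\$($p.Value)"
            Current = if ($null -eq $current) { '(not set)' } else { $current }
            Blocked = ($current -eq $p.Disabled)
        }
    }
}

# Block: write the restricting DWORD for every entry. Allow: delete the value,
# which is the documented "not configured" state rather than writing 0.
function Set-RestrictionState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Block', 'Allow')]
        [string]$Mode
    )
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Path)) {
            New-Item -Path $p.Path -Force | Out-Null
        }
        if ($Mode -eq 'Block') {
            New-ItemProperty -Path $p.Path -Name $p.Value -PropertyType DWord `
                -Value $p.Disabled -Force | Out-Null
        } else {
            Remove-ItemProperty -Path $p.Path -Name $p.Value `
                -ErrorAction SilentlyContinue
        }
    }
}

# Usage: audit first, then e.g. Set-RestrictionState -Mode Block
Get-RestrictionState | Format-Table -AutoSize
```

Two caveats worth knowing when reading the audit output. DisableCMD is enforced by cmd.exe itself at startup, so it still applies when cmd.exe is started from a shortcut or the Run dialog rather than typed at a prompt; a separate console program such as pskill.exe is not covered by it. And command.com, which the tip above also names, is not governed by DisableCMD at all; blocking it needs a separate restriction on that binary, which this example does not attempt.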
-
Do you have antivirus software running on your computer? If you do, you might be able to escalate your privileges on the local machine, depending on which one you have.
How up to date are the service packs and patches kept on your machines?
-
The solution is very simple for a local TSR (like an AV):
Locate the executables and rename them to .txt, then reboot. Just accept the error messages, and away you go. You need to think more laterally: don't kill the process, just stop it from ever starting.
;)
Cheers
-
Trend Micro OfficeScan is the AVG, and yes, everything is very up to date!
As for preventing the process from starting, I've thought about that, but like I said, I'm helping my admins secure the system; I don't want to destroy it! :D
-
I don't know if AVG has an HTML-type help file.
Many apps that run with SYSTEM privileges and use the WinHlp API call a browser that runs at the same privilege level. Although there is no toolbar, you can right-click on the title bar and "jump to URL" c:\whatever; you should be able to start taskmgr, or right-click and "open with" cmd.exe, and have a shell operating as SYSTEM.
-
Hey lepricaun,
I was a little short on that last post. I was watching the Hibernian v. Rangers soccer match :D
I used to use the technique to UPDATE my McAfee AV on one site. Admins were too lazy :(
I would rename the executables, reboot, run the update, rename the executables back to .exe, reboot, and it ran with the latest definitions.
Did not harm the system at all.
And YOU mentioned the AV app, which will not kill your system if it is not working. Hey, why not experiment?
Cheers
-
Well, whether or not you're a "rat", it's not my business, really. I mean, if it weren't for them, thousands of people would be without jobs. Not to mention that it's blackhats and script kiddies that identify all these backdoors for admins.
The only thing I can think of is what I use at school to access the command prompt. Right-click somewhere, and click "Create Shortcut". Then create a shortcut to wherever you want; many times, these are not blocked. I did it on a Win2K machine that connected to a Win2K3 server.