Tuesday, August 17, 2010

I could have sworn they disabled this...

In Windows XP Service Pack 2, I could have sworn they disabled the at command.  Having it enabled allows any random user on your computer to escalate themselves to the user SYSTEM, which has absolutely full control over everything and can do things Administrators can't.

I was dicking around and decided to try to escalate to SYSTEM for the lulz.  Imagine my surprise as I went into the command prompt and typed the following:
at \\XT-8147 21:29 /interactive cmd.exe

And then a few seconds later, a command prompt pops up with SYSTEM's privileges.

I'm running Windows XP Service Pack 3.  It was installed immediately after SP2 was installed, immediately after a virgin install of SP1 from a CD.  Due to Microsoft's infinite wisdom, you have to do it that way (probably not if you get the standalone installer, but it's not like they make that easy to find).  At any rate, I've disabled it now.

The average user might not see the point, or even the necessity, but regardless, if you're still running Windows XP, it's an important thing to have disabled, and disabling it is simple if you have Administrator privileges:
  1. In the Control Panel, go into Administrative Tools, and open Services.
  2. Scroll down, select Task Scheduler, and double click it.
  3. In the dialog that comes up, change Startup type to Disabled, and then click the Stop button.
  4. Once that's done, click OK, then close the services window.
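The same four steps done from the command line, as an added example that is not part of the original post: it records the current state of the Task Scheduler service, sets its Startup type to Disabled, stops it, and then checks that both took. It assumes the service's internal name is "Schedule" (its display name in the Services window is "Task Scheduler"), that you are running it from a prompt with Administrator privileges, and that PowerShell 2.0 is installed, since Windows XP does not ship with it.

```powershell
# Added example (not the post's own code): disable and stop the Task Scheduler
# service, equivalent to steps 1-4 above. Assumes service name "Schedule" and an
# Administrator prompt.

$svcName = 'Schedule'

function Get-TaskSchedulerState {
    # Returns the run state (Running/Stopped) and startup mode (Auto/Manual/Disabled)
    # of the Task Scheduler service.
    $svc = Get-Service -Name $svcName -ErrorAction Stop
    $cfg = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
    New-Object PSObject -Property @{
        Name      = $svc.Name
        Status    = $svc.Status
        StartMode = $cfg.StartMode
    }
}

function Disable-TaskScheduler {
    # Step 3: change Startup type to Disabled, then click Stop.
    Set-Service -Name $svcName -StartupType Disabled
    if ((Get-Service -Name $svcName).Status -ne 'Stopped') {
        Stop-Service -Name $svcName -Force
    }

    # Step 4 sanity check: confirm the service really is disabled and stopped.
    $state = Get-TaskSchedulerState
    if ($state.StartMode -ne 'Disabled' -or $state.Status -ne 'Stopped') {
        Write-Warning "Task Scheduler is still $($state.Status) / $($state.StartMode); re-run from an Administrator prompt."
    }
    return $state
}

Write-Host 'Before:'
Get-TaskSchedulerState | Format-List Name, Status, StartMode

Write-Host 'After:'
Disable-TaskScheduler | Format-List Name, Status, StartMode
```

If you would rather not install PowerShell on an XP box, the plain cmd.exe equivalents are "sc config Schedule start= disabled" followed by "sc stop Schedule" (the space after "start=" is required by sc.exe). Either way, remember that once the service is stopped, anything else that relies on Task Scheduler, such as scheduled virus scans, backups or defragmentation, will stop running until you re-enable it.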
There are videos on YouTube showing off this exploit.  You should heed any rational computer expert's advice and never run this command ever except to show people and then reboot to revert back to your regular account (or, you can use it responsibly to go in and disable the vulnerability).  It's more applicable if you're using Windows XP in an environment where you have a restricted account, like possibly at work.  Just for kicks, I tried the same command in my VM of Windows 7, and it specifically gave me an error message saying it wouldn't run it due to a security problem.

Edit: By the way, the "penis" reaction was me trying to click the edit link and missing. lol
