I have just uncovered a way to perform root privilege escalation under Windows (tested using Server 2003 SP2)…so easy, with no add-ons or anything – all you need is a console.
- Open up a command prompt (cmd.exe)
- Type whoami. This should return your username – lowly peon user.
- In the command prompt, enter the following: at <current time + 1 min> /interactive "cmd.exe"
The point of this step is to set up a scheduled task that executes one minute after the current time. This scheduled task will launch a command prompt under the credentials of Local System.
For example: at 11:05 /interactive "cmd.exe" will launch the cmd window at 11:05am.
- Type whoami into the new cmd window…..Voila!
Once escalated, you can use taskmgr to kill explorer and then re-run it from the new command prompt with the escalated privilege.
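For anyone reviewing hosts for this behaviour, the check below picks out `at` jobs scheduled with `/interactive` from a list of process command lines. It is an added example, not part of the original post: the function names and sample lines are constructed, it assumes command lines are already being collected by some form of process auditing, and it goes slightly beyond the single command above by also handling a path-qualified at.exe and the optional \\computername argument.

```python
import re

# Normalise the typographic quotes that pasted commands often carry.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
_TOKEN = re.compile(r'"[^"]*"|\S+')
_TIME = re.compile(r"^\d{1,2}:\d{2}")          # HH:MM, any suffix tolerated


def parse_at_job(cmdline):
    """Return {'time', 'interactive', 'command'} for an `at` scheduling
    command line, or None if the line does not schedule a job."""
    tokens = [t.strip('"') for t in _TOKEN.findall(cmdline.translate(_QUOTES))]
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in ("at", "at.exe"):
        return None
    args = tokens[1:]
    if args and args[0].startswith("\\\\"):    # optional \\computername
        args = args[1:]
    if not args or not _TIME.match(args[0]):
        return None                            # listing or deleting, not scheduling
    time, rest = args[0], args[1:]
    interactive = False
    while rest and rest[0].startswith("/"):    # switches precede the command
        sw = rest.pop(0).lower()
        interactive = interactive or sw == "/interactive"
    return {"time": time, "interactive": interactive, "command": " ".join(rest)}


def flag_interactive_jobs(cmdlines):
    """Keep only jobs that request a window on the interactive desktop."""
    jobs = (parse_at_job(c) for c in cmdlines)
    return [j for j in jobs if j and j["interactive"]]


# Constructed sample command lines (not taken from any real log).
SAMPLE = [
    "whoami",
    "at",
    "at 11:05 /interactive \u201ccmd.exe\u201d",
    r'C:\WINDOWS\system32\at.exe 23:00 /every:M,T,W "C:\scripts\backup.cmd"',
    r"AT.EXE \\SRV01 9:30 /INTERACTIVE notepad.exe",
]

if __name__ == "__main__":
    for job in flag_interactive_jobs(SAMPLE):
        print(job)
```

A routine unattended job such as the backup line is parsed but not flagged, since it never asks for a window on the logged-in user's desktop.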