10-19-2009, 03:41 PM
Join Date: Jan 2008
Re: I got locked out
Obtaining System Privileges on Microsoft Windows XP as NetworkService
Now, we are going to obtain System Privileges. Know that there is a massive difference between System Privileges and Administrative Privileges. Even if you are an administrator, try to kill the smss.exe process, or try to access C:\System Volume Information. Even if you found some way to tweak that, the bottom line is that even as an administrator, you are not part of the operating system. System is part of the operating system. You can basically kill your PC or repair it if there is a problem. To get System Privileges, follow these steps below. If there is a problem, please try to figure out what is wrong or try an alternative or LOOK AT TROUBLESHOOT BELOW instead of spamming this post with questions.
1) Open the command prompt.
2) Type the command below.
sc create systemprompt binpath= "cmd.exe /K start" type= own type= interact
3) You have now created the service. To run it, type the command below.
sc start systemprompt
4) You should now have a new prompt. This new prompt has system privileges power. You can destroy your operating system with this prompt (well, you could destroy your operating system without it...) or you could read on and find out how to get the system desktop.
Time to learn a few concepts:
The process explorer.exe is called the shell process. Any process you create from the shell is under the username of the shell. When you log in as Bill, the shell is started under username Bill, and any process you create from the shell (i.e. desktop, start menu, almost everything for the average user that doesn't explore the command prompt and such) is created under the username Bill. When you load the shell for the System, the username will be NetworkService, and about every program you run will spawn from NetworkService, which basically guarantees you system privileges for each and every program you run. ONE NICE THING: If your parents or someone has made their account private, you can now look into their documents without any problems. REMEMBER, YOU ARE THE OPERATING SYSTEM NOW. Now let's end this absurdly extended paragraph and load the system shell. If you STILL HAVE NO IDEA WHAT THE HECK A "SHELL" IS, YOU WILL FIND OUT BELOW.
5) Open Task Manager BY USING CTRL+ALT+DEL OR CTRL+SHIFT+ESC.
6) Click the Processes tab, and find process "explorer.exe" without quotations.
7) Click End Process and click Yes to the confirmation. Warning: The desktop and taskbar will disappear, and yes, that's normal. That's why explorer.exe is called the shell process, and that's why the Desktop, Taskbar and Windows Explorer are part of the shell.
8) Returning to the system prompt (and if the prompt isn't visible, use ALT+TAB to switch programs), type the simple command below.
9) You should now see the taskbar and desktop come back, but why is it different?! Because this desktop and taskbar is the SYSTEM desktop and SYSTEM taskbar. If you click Start, the username will be SYSTEM. Now, operate this account like you would for a normal user, and don't try to screw it up...because things on this account are saved just like a normal profile.
10) REVERSING THE PROCESS
To reverse the process, use CTRL+ALT+DEL or CTRL+SHIFT+ESC to open Task Manager. Click the Processes tab and select the explorer.exe process. End the process and click Yes to the confirmation. The system desktop and system taskbar should now disappear. Using the same Task Manager, go to the Applications tab and click "New Task...". Type "explorer.exe" without quotations. You will now have your default shell (the one you logged in with).
Change the Password of Any User
rem Notice I said Change and not Read
rem Must have administrative privileges or higher before trying out
net user USERNAME PASSWORD
rem Replace USERNAME with the username to change the password of
rem Replace PASSWORD with the password to change to
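As a defender's counterpart to the `sc create` step in the post above: an added example (my own code, not from this thread) that scans constructed service-install records, laid out like the Service Name / Service File Name / Service Type fields of Security event 4697, and flags the combination those steps produce, an interactive service whose image is cmd.exe given without a path. The field layout, the sample records and the SHELL_IMAGES list are assumptions.

```python
import re
import shlex
from typing import Dict, List

# From winsvc.h: "type= interact" on the sc command line sets this bit.
SERVICE_INTERACTIVE_PROCESS = 0x100
# Interpreters that should not be a service's image (list is my own choice).
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed sample event bodies in the 4697 field layout, not real logs.
SAMPLE_EVENTS = [
    "Service Name:  systemprompt\n"
    "Service File Name:  cmd.exe /K start\n"
    "Service Type:  0x110\n",
    "Service Name:  Spooler\n"
    "Service File Name:  %SystemRoot%\\system32\\spoolsv.exe\n"
    "Service Type:  0x10\n",
]

def parse_record(text: str) -> Dict[str, str]:
    """Turn the 'Key:  Value' lines of one event body into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def image_name(file_name: str) -> str:
    """Lower-cased basename of the first token of the service command line."""
    tokens = shlex.split(file_name, posix=False)  # keeps a "quoted path" together
    if not tokens:
        return ""
    return tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def findings(fields: Dict[str, str]) -> List[str]:
    """Reasons this service install deserves a look; an empty list means clean."""
    reasons = []
    if int(fields.get("Service Type", "0"), 16) & SERVICE_INTERACTIVE_PROCESS:
        reasons.append("interactive service (SERVICE_INTERACTIVE_PROCESS bit set)")
    file_name = fields.get("Service File Name", "")
    if image_name(file_name) in SHELL_IMAGES:
        reasons.append("service image is a command interpreter: " + image_name(file_name))
    if file_name and not re.match(r'^"?(?:[A-Za-z]:\\|%\w+%\\|\\\\)', file_name):
        reasons.append("service image given without an absolute path")
    return reasons

def scan(events: List[str]) -> Dict[str, List[str]]:
    # Map each installed service's name to its findings.
    return {parse_record(e).get("Service Name", "?"): findings(parse_record(e)) for e in events}
```

Feed it the bodies of real 4697 events exported from the Security log and anything with a non-empty list is worth a look; a legitimate service with a full path and no interactive bit comes back clean.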