Root on windows

#1 16-02-2007, 10:55 PM

How To Access "ROOT" Account in Windows

System Level Privilege Escalation

What is System Level?
Press Ctrl+Alt+Del to launch task manager and select "process" tab.
You will notice that some services and programs are running under
system account and even administrator account is not able to access these services.
System is the highest account in windows. (Just as root in Linux)
There are special rights that is available only in System account where
even administrator is forbidden to touch them.
You can be a super-power user by accessing System. (even when logged
as a restricted user)

Note : Accessing system account may cause serious problems.
Leave this tread and don't follow the rest of this topic
if you don't know what you are doing.

Local system differs from an administrator account in that it has
full control of the operating system, similar to root on a *nix
machine. Most system processes are required by the operating
system, and cannot be closed, even by an administrator account;
attempting to close them will result in an error message.

In Windows NT and later systems derived from it ( windows 2000,
Windows XP, Windows servers 2003 and Windows Vista), there may
or may not be a superuser. By default, there is a superuser named
Administrator, although it is not an exact analogue of the Unix
root superuser account. Administrator does not have all the
privileges of root because some superuser privileges are assigned
to the Local System account in windows NT/XP.

What you gain by accessing System?
Local privilege escalation is useful on any system that a hacker
may compromise; the system account allows for several other
things that aren't normally possible (like resetting administrator password)

You can even login to System and lock administrator account out by
editing group policy or other tools in windows.

How to access System:
Note : Don't follow the procedure bellow if you don't know what you
are doing. You may harm your PC. If you follow, Do it on your own risk.

1 check the name of the account you've logged into (Click start. You
will see the name of the account you've logged in.)

2 launch the command prompt. ( click start, select Run, type cmd and hit OK button)
in command prompt, create a scedule to run cmd.exe.
to create a scedule type the following line and hit enter.
at 20:21 /interactive "cmd.exe"
this will create a scedule to run cmd.exe at 20:21.
(since you are testing, check the time in your system try and add two or three minutes.)
Change this time according to your local time

hint : you can check if the scedule is placed by typing "at"
and hitting enter after the above step.

3 wait for the time you set for the scedule.
cmd.exe would be launched at the specified time.

4 After cmd.exe is launched by the sceduled time, press Ctrl+Alt+Del
and launch taskmanager.
Select "Process" tab, select explorer.exe in the process list and click "End Process" button.
you will receive a confimation dialoge . click "Yes" to end the process.

5 Close taskmanager by clicking the X button.
Close the first cmd window ( be careful to close the first one not the second one.)

6 now you have only the second command prompt window and an empty desktop.
in command prompt type the following line and hit "Enter"
cd ..

7. in command prompt type the following line and hit "Enter"
explorer.exe
If this is the first time you do it, windows creates the necessary
components for you to access System ( Desktop, start menu,
My document)
when it's finished you will have a new desktop.

8. close command prompt window. Click start and check your username.
It's changed to System.

Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don't know what you are doing.
Credit: Je ne sais pas.