Flag: Tornado! Hurricane!

Blogs >> DelightedZuk's Blog

Created: Sunday, January 17 2010 04:34.28 CST Modified: Sunday, January 17 2010 04:36.55 CST
Printer Friendly ...
Administrator account VS. SYSTEM account
Author: DelightedZuk # Views: 2360

Full blog post including a bit sarcasm at : http://imthezuk.blogspot.com/

I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :

Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.

Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.

Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.

pre Windows 2008 post. full post @ my blog :

http://imthezuk.blogspot.com/



Blog Comments
suedo Posted: Wednesday, January 27 2010 22:08.47 CST
looks like you just read someone's article and made a non-informal opinion while wielding your inexperience around. good luck in your future endeavors.

DelightedZuk Posted: Sunday, January 31 2010 10:10.31 CST
No. I've heard someone saying : "SYSTEM is much stronger than Administrator" and he couldn't explain it, only after I've explained him that Administrator can become SYSTEM relativly easy, he understood.

It's not a hacking contest, and experience is per person, yet, I have to say I've probably rooted 100x times more computer than you ever did, why am I saying that? cause I've written this only because of experience.
Laughing about someone because you think you're smarter sometimes makes you look silly. I wasn't trying to brag or something like that, maybe that's not your kind of articles or subject, if it's like that than please do not reply instead saying "bla bla I'm better than you bla bla".

Final note - If you got nothing to say, just keep it to yourself.

Cheers.

suirp Posted: Tuesday, February 2 2010 19:55.17 CST
<3



Add New Comment
Comment:









There are 21,677 total registered users.


Recently Created Topics
PyEmu error when cal...
Sep/02
Restore Themida/Winl...
Sep/02
Anti-olly technique
Aug/30
RAR Password
Aug/29
Heap protection on W...
Aug/23
Why Inline asm in C+...
Aug/20
Bypassing OllyAdvance
Aug/17
Error in logic for g...
Aug/17
Has anyone seen this...
Aug/17
ARM Executable - Pat...
Aug/16


Recent Forum Posts
reverse engineering ...
raiden56
pydbg, memory breakp...
Researc...
RAR Password
Ineedhelp
RAR Password
cod
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
psylocn
Why Inline asm in C+...
ronnie2...


Recent Blog Entries
meshmesh
Sep/01
Is it legal??

waleedassar
Aug/30
Anti-olly technique

QvasiModo
Aug/24
WinAppDbg 1.4 is out!

artemblagodarenko
Aug/18
Dataflow-0.2.0 released. Ne...

grzonu
Aug/17
Bypassing OllyAdvanced

More ...


Recent Blog Comments
tosanjay on:
Sep/02
PyEmu 0.0.2

GynvaelColdwind on:
Sep/01
Is it legal??

PeterFerrie on:
Aug/31
Anti-olly technique

dennis on:
Aug/26
Dr. Gadget IDAPython plugin

halsten on:
Aug/19
Dataflow-0.2.0 released. Ne...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit