About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Store
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
DelightedZuk
's Blog
Created: Sunday, January 17 2010 04:34.28 CST
Modified: Sunday, January 17 2010 04:36.55 CST
Printer Friendly ...
Administrator account VS. SYSTEM account
Author:
DelightedZuk
# Views:
1097
Full blog post including a bit sarcasm at :
http://imthezuk.blogspot.com/
I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :
Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.
Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.
Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.
pre Windows 2008 post. full post @ my blog :
http://imthezuk.blogspot.com/
Blog Comments
suedo
Posted: Wednesday, January 27 2010 22:08.47 CST
looks like you just read someone's article and made a non-informal opinion while wielding your inexperience around. good luck in your future endeavors.
DelightedZuk
Posted: Sunday, January 31 2010 10:10.31 CST
No. I've heard someone saying : "SYSTEM is much stronger than Administrator" and he couldn't explain it, only after I've explained him that Administrator can become SYSTEM relativly easy, he understood.
It's not a hacking contest, and experience is per person, yet, I have to say I've probably rooted 100x times more computer than you ever did, why am I saying that? cause I've written this only because of experience.
Laughing about someone because you think you're smarter sometimes makes you look silly. I wasn't trying to brag or something like that, maybe that's not your kind of articles or subject, if it's like that than please do not reply instead saying "bla bla I'm better than you bla bla".
Final note - If you got nothing to say, just keep it to yourself.
Cheers.
suirp
Posted: Tuesday, February 2 2010 19:55.17 CST
<3
Add New Comment
Comment:
Active in Last 5 Minutes
igorsk
Invisible
Invisible
There are
16,537
total registered users.
Recently Created Topics
how to crate a PATC...
Mar/10
wsnpoem audio.dll
Mar/09
suggestions - RE tra...
Mar/09
Requesting Suggestio...
Mar/06
Force enable debug p...
Mar/05
upgrading new image ...
Mar/03
upgrading new image ...
Mar/03
upgrading new image ...
Mar/03
Can some one give me...
Mar/02
Error in generating ...
Feb/28
Recent Forum Posts
wsnpoem audio.dll
zhane
suggestions - RE tra...
Silkut
how to crate a PATC...
Silkut
suggestions - RE tra...
RolfRolles
wsnpoem audio.dll
debbie
Requesting Suggestio...
secursig
Requesting Suggestio...
phn1x
how to get executabl...
RabidCi...
how to get executabl...
RabidCi...
Force enable debug p...
Silkut
Recent Blog Entries
RolfRolles
Mar/08
Compiler Optimizations for ...
ReWolf
Mar/04
When memory management goes...
thesprawler
Feb/20
log1949.txt -- Wondering ho...
thesprawler
Feb/20
log1949.log -- created on C...
thesprawler
Feb/17
Trying to reverse the firmw...
More ...
Recent Blog Comments
wildinto
on:
Mar/10
Compiler Optimizations for ...
Orr
on:
Mar/10
Compiler Optimizations for ...
bughoho
on:
Mar/09
Compiler Optimizations for ...
cliffwolf
on:
Mar/08
Compiler Optimizations for ...
Orr
on:
Mar/08
When memory management goes...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}