OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Store Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Sunday, January 17 2010 04:34.28 CST

Modified: Sunday, January 17 2010 04:36.55 CST

Printer Friendly ...

Administrator account VS. SYSTEM account

Author: DelightedZuk

# Views: 2360

Full blog post including a bit sarcasm at : http://imthezuk.blogspot.com/

I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :

Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.

Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.

Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.

pre Windows 2008 post. full post @ my blog :

http://imthezuk.blogspot.com/

Blog Comments

suedo	Posted: Wednesday, January 27 2010 22:08.47 CST
looks like you just read someone's article and made a non-informal opinion while wielding your inexperience around. good luck in your future endeavors.

DelightedZuk

Posted: Sunday, January 31 2010 10:10.31 CST

No. I've heard someone saying : "SYSTEM is much stronger than Administrator" and he couldn't explain it, only after I've explained him that Administrator can become SYSTEM relativly easy, he understood.

It's not a hacking contest, and experience is per person, yet, I have to say I've probably rooted 100x times more computer than you ever did, why am I saying that? cause I've written this only because of experience.
Laughing about someone because you think you're smarter sometimes makes you look silly. I wasn't trying to brag or something like that, maybe that's not your kind of articles or subject, if it's like that than please do not reply instead saying "bla bla I'm better than you bla bla".

Final note - If you got nothing to say, just keep it to yourself.

Cheers.

suirp	Posted: Tuesday, February 2 2010 19:55.17 CST
<3

There are 21,677 total registered users.

Recently Created Topics
PyEmu error when cal...	Sep/02
Restore Themida/Winl...	Sep/02
Anti-olly technique	Aug/30
RAR Password	Aug/29
Heap protection on W...	Aug/23
Why Inline asm in C+...	Aug/20
Bypassing OllyAdvance	Aug/17
Error in logic for g...	Aug/17
Has anyone seen this...	Aug/17
ARM Executable - Pat...	Aug/16

Recent Forum Posts
reverse engineering ...	raiden56
pydbg, memory breakp...	Researc...
RAR Password	Ineedhelp
RAR Password	cod
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	psylocn
Why Inline asm in C+...	ronnie2...

Recent Blog Entries
	meshmesh	Sep/01
Is it legal??
	waleedassar	Aug/30
Anti-olly technique
	QvasiModo	Aug/24
WinAppDbg 1.4 is out!
	artemblagodarenko	Aug/18
Dataflow-0.2.0 released. Ne...
	grzonu	Aug/17
Bypassing OllyAdvanced
More ...

Recent Blog Comments
	tosanjay on:	Sep/02
PyEmu 0.0.2
	GynvaelColdwind on:	Sep/01
Is it legal??
	PeterFerrie on:	Aug/31
Anti-olly technique
	dennis on:	Aug/26
Dr. Gadget IDAPython plugin
	halsten on:	Aug/19
Dataflow-0.2.0 released. Ne...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit