About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
DelightedZuk
's Blog
Created: Sunday, January 17 2010 04:34.28 CST
Modified: Sunday, January 17 2010 04:36.55 CST
Printer Friendly ...
Administrator account VS. SYSTEM account
Author:
DelightedZuk
# Views:
3940
Full blog post including a bit sarcasm at :
http://imthezuk.blogspot.com/
I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :
Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.
Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.
Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.
pre Windows 2008 post. full post @ my blog :
http://imthezuk.blogspot.com/
Blog Comments
suedo
Posted: Wednesday, January 27 2010 22:08.47 CST
looks like you just read someone's article and made a non-informal opinion while wielding your inexperience around. good luck in your future endeavors.
DelightedZuk
Posted: Sunday, January 31 2010 10:10.31 CST
No. I've heard someone saying : "SYSTEM is much stronger than Administrator" and he couldn't explain it, only after I've explained him that Administrator can become SYSTEM relativly easy, he understood.
It's not a hacking contest, and experience is per person, yet, I have to say I've probably rooted 100x times more computer than you ever did, why am I saying that? cause I've written this only because of experience.
Laughing about someone because you think you're smarter sometimes makes you look silly. I wasn't trying to brag or something like that, maybe that's not your kind of articles or subject, if it's like that than please do not reply instead saying "bla bla I'm better than you bla bla".
Final note - If you got nothing to say, just keep it to yourself.
Cheers.
suirp
Posted: Tuesday, February 2 2010 19:55.17 CST
<3
Add New Comment
Comment:
There are
28,220
total registered users.
Recently Created Topics
Reverse Engineering ...
Jan/23
Career: DoD Agency I...
Jan/22
"Disappearing&q...
Jan/17
Career: Software Sec...
Jan/11
Where is the call st...
Jan/07
IDA Pro 6.1 Breakpoi...
Jan/01
How to create data s...
Dec/30
can i search all mod...
Dec/23
IDA symbol table exp...
Dec/20
An anti-attach trick
Dec/17
Recent Forum Posts
Reverse Engineering ...
NirIzr
"Disappearing&q...
NirIzr
Reverse Engineering ...
charlie
"Disappearing&q...
charlie
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
Looking for value in...
NirIzr
Recent Blog Entries
waleedassar
Feb/06
OllyDbg v1.10 And Hardware ...
waleedassar
Jan/31
Yet Another Anti-Debug Trick
RolfRolles
Jan/22
Finding Bugs in VMs with a ...
waleedassar
Jan/13
An OllyDbg Bug Disables Sof...
waleedassar
Jan/01
Another OllyDbg Anti-Debug ...
More ...
Recent Blog Comments
NirIzr
on:
Feb/05
Yet Another Anti-Debug Trick
trolotou
on:
Feb/05
Doudoune Moncler -Pennies F...
waleedassar
on:
Feb/01
Yet Another Anti-Debug Trick
NirIzr
on:
Jan/31
Yet Another Anti-Debug Trick
jackchen
on:
Jan/10
nike mercurial vapor iii
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}