Administrator account VS. SYSTEM account
 Itzhak A (DelightedZuk) <itz2000 gmail com> |
Sunday, January 17 2010 04:34.28 CST |
Full blog post including a bit sarcasm at : http://imthezuk.blogspot.com/
I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :
Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.
Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.
Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.
pre Windows 2008 post. full post @ my blog :
http://imthezuk.blogspot.com/
Comments
 suedo |
Posted: Wednesday, January 27 2010 22:08.47 CST |
| looks like you just read someone's article and made a non-informal opinion while wielding your inexperience around. good luck in your future endeavors. | |
 DelightedZuk |
Posted: Sunday, January 31 2010 10:10.31 CST |
|
No. I've heard someone saying : "SYSTEM is much stronger than Administrator" and he couldn't explain it, only after I've explained him that Administrator can become SYSTEM relativly easy, he understood. It's not a hacking contest, and experience is per person, yet, I have to say I've probably rooted 100x times more computer than you ever did, why am I saying that? cause I've written this only because of experience. Laughing about someone because you think you're smarter sometimes makes you look silly. I wasn't trying to brag or something like that, maybe that's not your kind of articles or subject, if it's like that than please do not reply instead saying "bla bla I'm better than you bla bla". Final note - If you got nothing to say, just keep it to yourself. Cheers. |
|
 suirp |
Posted: Tuesday, February 2 2010 19:55.17 CST |
| <3 | |