Tuesday, January 19, 2010

How to Disable Vibrant Ads.

On any browser with cookies enabled, click on the following link.

http://www.vibrantmedia.com/whatisIntelliTXT.asp?ipid=7540&cc=us&server=business.msnbc.us.intellitxt.com

Click on the disable tab. Then click the link to disable the ads and you're done! How kind of them to leave it up to the user to choose whether to see the ads or not.

Friday, January 8, 2010

Creating hidden accounts on an XP Box

Others want to log in to XP under your name?
Need to have an account under the radar?

Whatever the need, note it can be done!

The problem is that user accounts always show up on the welcome screen on XP. Our goal is to hide them from there using a simple Windows registry tweak. This tweak requires an existing account, so use one that's already there or create a new one. I would recommend the latter!

Now go into the Registry (click on "start" > "Run" and type "Regedit" (without quotes) and hit enter).

Now go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

Now right-click in the pane on the right and create a new DWORD value. Rename it from "New Value #1" to the name of the account you wish to hide. Example: if I wanted to hide an account called StealthyMoFo, the DWORD name would be StealthyMoFo.

Now double-click on the name and set the data value:

0 to hide it
1 to make it visible

Now exit the registry and reboot the machine for this to take effect.

To log on using this new account, when you see the welcome screen, hold down "ctrl+alt" and hit delete twice. This should take you to a normal username\password prompt like Windows 2000. Enter the name and password of the hidden account to log on.


Two Side Notes:

  • This can also be used to force the Administrator account to show up on the welcome screen as it does in safe mode.
  • Your hidden account will still have a folder under Documents and Settings. So if someone sees it, they might suspect something. Try to use something that sounds like it might belong there like "RemoteService" or "DotNet" or "Admin". Most people wouldn't raise an eyebrow as those would seem like normal application/user accounts.
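
For auditing a machine, the same key and the profile folder mentioned above are the two places to look. The following is an added example, not code from the original post: it parses the text output of `reg query` for the UserList key and reports entries set to 0, cross-checked against the local account list and the Documents and Settings folder names. The sample output, the host suffix `LAB-XP` and the baseline list are constructed assumptions.

```python
import re

# One value line of `reg query` output: indent, name, type, data.
# XP separates the fields with tabs, later Windows versions with spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>\S+)\s*$")

def parse_userlist(reg_output):
    """Return {value name: int} for every REG_DWORD value in the output."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("type") == "REG_DWORD":
            values[m.group("name")] = int(m.group("data"), 16)  # "0x0" -> 0
    return values

def has_profile(account, profile_dirs):
    """True if a profile folder is named after the account, including the
    'name.SUFFIX' form Windows uses when the plain name is already taken."""
    a = account.lower()
    return any(p.lower() == a or p.lower().startswith(a + ".") for p in profile_dirs)

def audit(reg_output, local_accounts, profile_dirs, baseline=()):
    """List UserList entries set to 0 (hidden) that are not in the baseline."""
    accounts = {a.lower() for a in local_accounts}
    known = {b.lower() for b in baseline}
    findings = []
    for name, data in sorted(parse_userlist(reg_output).items()):
        if data == 0 and name.lower() not in known:
            findings.append({"account": name,
                             "exists": name.lower() in accounts,
                             "has_profile": has_profile(name, profile_dirs)})
    return findings

# Constructed sample data (not captured from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant    REG_DWORD    0x0
    StealthyMoFo    REG_DWORD    0x0
    Administrator    REG_DWORD    0x1
"""
ACCOUNTS = ["Administrator", "Guest", "HelpAssistant", "StealthyMoFo"]
PROFILES = ["Administrator", "All Users", "StealthyMoFo.LAB-XP"]
BASELINE = ["HelpAssistant"]  # assumed: entries present on your clean image

if __name__ == "__main__":
    for f in audit(SAMPLE, ACCOUNTS, PROFILES, BASELINE):
        print(f)
```

Feed it the saved output of `reg query` on the UserList key, the names from `net user`, and a directory listing of Documents and Settings; an entry that exists, has a profile folder and is missing from your baseline is the one to investigate.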

Monday, January 4, 2010

fun with Explorer.exe running under SYSTEM account.

In Windows XP it is possible to obtain a process of explorer.exe running as the SYSTEM account.

--==[ Obtaining Explorer.exe Running as SYSTEM ]==--

To obtain our shell we will use the command line and the "at" command. Once you have the shell open type the following command:

at {Time_in_military_format_plus_one_min} /interactive cmd.exe


Example if time were 5:45 PM: at 17:46 /interactive cmd.exe


This will give us a command prompt in one minute. The interesting thing about this command prompt is the title. The title should read something like "C:\windows\system32\svchost.exe". That alone is interesting! Check your Task Manager: this instance of CMD.EXE will be running under the user SYSTEM!

With that being said, anything spawned via this shell should run under the context of the SYSTEM account. Try it out: run notepad.exe from that shell and check your Task Manager.

Now it's time to get that Explorer running under SYSTEM. Use the Task Manager to kill the explorer.exe process that is running under your account and then run explorer.exe in the command shell that is running as SYSTEM. It's that easy!

With our Explorer running as SYSTEM anything that you launch with a double-click runs as SYSTEM as well. Now the fun starts. What to do? What to do?

--==[ Abusing Explorer.exe as SYSTEM ]==--

I'm sure there are more things than listed here. But here are the two I like ;-).

1) Ignore local file permissions. Even with a user's Documents and Settings set as private, as SYSTEM you can still travel through it. I used to use this when looking through a hard drive that was pulled from another PC and the user needed files from under their Documents and Settings.

2) Change the password on a local account without knowing the old password! How cool is that! That includes local admin accounts!

Now have fun, figure out what else you can do with it and don't use this for anything illegal.