One way is to see whats tasks on the taskbar are launched by System, explore them and look for a open file dialog box which can then be used to launch cmd.exe. Another way is to see if the cmd.exe can be launched as a service with system privileges.
If you can bring up a local command prompt, with basic user privileges you can try to run the following:
sc create testsvc binpath= "cmd /K start" type= own type= interact
sc start testsvc
You can rename testsvc to whatever you want, like WindowsUpdateDaemon and the best part is that the service can be stopped and restared at any time.
And of course to remove the service:
sc delete testsvc
So what can you do with this?
If you were locked out from removing programs, editing services, checking system properties, things that involve the mmc console...
You could probably invoke these now using the command line. Most of these programs exist in system32 folder. Some may not be there or disabled, but there is no harm in trying.
Services Management services.msc
Shared Folders fsmgmt.msc
Remote Desktops tsmmc.msc
Group Policy Management gpmc.msc
Computer Management compmgmt.msc
Bigger list here: http://social.technet.microsoft.com/wiki/contents/articles/417.windows-mmc-snap-ins-msc.aspx
Ref: http://blogs.msdn.com/b/adioltean/archive/2004/11/27/271063.aspx
WindyCityTech Blogger
WindyWindyCityTech Wordpress
No comments:
Post a Comment