Study notes on local privilege escalation (I): from Administrator to SYSTEM

Source: Internet
Author: User
Tags kali linux

This article is a set of short notes I made while studying, kept so that I can refer back to them later; if anything is lacking, I hope you will point it out ~

First of all, Windows accounts are generally divided into 3 categories: ordinary users (User), administrators (Administrator) and SYSTEM. SYSTEM and Administrator permissions do not contain one another, and there is a difference between the two, so even with Administrator privileges it is sometimes necessary to escalate, for example for processes that must run as the SYSTEM user.

To view the current user on the Windows command line you can use the whoami command, but you first need to place the whoami.exe program in the System32 directory on the C: drive. This program can be obtained in Kali Linux; the path is:

/usr/share/windows-binaries/


1. Through the at command (works on Windows XP, 2003 and similar systems; the command was removed after Win7):

To view the parameters of the at command:

at /?
There is an /interactive parameter: the command is executed interactively and its result can be seen. Without it, the command runs in the background and is not visible.

Use at to run cmd at a specified time (xx:xx is hour:minute, such as 10:12):

at xx:xx /interactive cmd

In Task Manager you can see that the user name for this cmd process is SYSTEM, and any program started from that cmd window also runs under the SYSTEM user name. Apart from the processes started this way, however, the desktop still belongs to the Administrator user. For convenience, you can switch the whole desktop to the SYSTEM user: enter taskmgr at the SYSTEM command line to open Task Manager as SYSTEM, and terminate the Administrator user's explorer process there. At this point the desktop background and so on disappear. Then create a new explorer process from the File menu in Task Manager; the desktop is now the SYSTEM user's desktop.





2. Through the sc command, by creating a service (services run under the SYSTEM account):

At the command line, enter:

sc create SysCmd binPath= "cmd /k start" type= own type= interact
This creates a service called SysCmd, which is interactive and opens a new cmd window. Note that you must add a space after the equals sign in each of the three arguments, otherwise the service will not be created correctly. You can enter services.msc in Run to view the service.
You then need to start the service at the command line by entering the following command:

sc start SysCmd

You can also start the service through the graphical interface.


In the screenshot the service had already been created, so the creation is shown as failed.




3. Privilege escalation with the Sysinternals Suite tools:

Download the suite from its web site. Put the PsExec tool in the System32 directory. Running psexec at the command line shows that the -i parameter means interactive and -s means run as the SYSTEM user. Then enter the command:

psexec -i -s cmd
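
Each of the three techniques above leaves a recognizable command line in process-creation logs, which is what a defender can match on. The following is an added example, not part of the original notes: a small Python classifier run over constructed sample command lines. The function names, rule names, SHELLS list and SAMPLE data are assumptions made for illustration.

```python
import re

SHELLS = {"cmd", "powershell"}  # assumed list of shells worth flagging

def _tokens(cmdline):
    # Split on whitespace but keep "quoted parts" whole (quotes removed).
    return [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline) if q or w]

def _exe(token):
    # Basename, lower case, without .exe: C:\Tools\PsExec.exe -> psexec
    name = re.split(r"[\\/]", token)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(cmdline):
    """Return the name of the technique a command line matches, else None."""
    tok = _tokens(cmdline)
    if not tok:
        return None
    exe, args = _exe(tok[0]), [t.lower() for t in tok[1:]]
    # 1. at ... /interactive (also matches when time and switch run together)
    if exe == "at" and any("/interactive" in a for a in args):
        return "at-interactive"
    # 2. sc create with an interactive type or a shell as the service binary
    if exe == "sc" and "create" in args:
        # Options are "key= value" pairs; type= can appear more than once.
        pairs = [(k, v) for k, v in zip(args, args[1:]) if k.endswith("=")]
        types = {v for k, v in pairs if k == "type="}
        binaries = [_tokens(v) for k, v in pairs if k == "binpath="]
        if "interact" in types or any(b and _exe(b[0]) in SHELLS for b in binaries):
            return "sc-shell-service"
    # 3. psexec with -s (run as SYSTEM); either switch prefix is tolerated
    if exe in ("psexec", "psexec64") and any(a in ("-s", "/s") for a in args):
        return "psexec-system"
    return None

# Constructed sample command lines, as a process-creation log might record them.
SAMPLE = [
    r'at 10:12 /interactive cmd',
    r'C:\Windows\System32\sc.exe create SysCmd binPath= "cmd /k start" type= own type= interact',
    r'"C:\Program Files\Sysinternals\PsExec.exe" -i -s cmd',
    r'sc create Backup binPath= "C:\Backup\agent.exe" type= own',
    r'net user alice',
]

def scan(lines):
    """Return (index, technique) for each matching line."""
    hits = [(i, classify(line)) for i, line in enumerate(lines)]
    return [(i, t) for i, t in hits if t]
```

The matching is on the command line only, so an ordinary service such as the constructed Backup entry is not flagged, while legitimate administrative use of PsExec with -s will be and needs review in context.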




A few other command-line commands related to user accounts:

To change a user's password:

net user <username> *

To view all users:

net user

To view basic information about an account:

net user <username>



Of course there are many other methods; with my limited knowledge I cannot list them all, and I will keep taking notes as I learn more.
