How to get SYSTEM Privileges in Windows

nizzex

If you open your task manager (ctrl + alt + del) and look at the processes, you will notice that different processes are being run by different users. Some of these processes will be the user you are logged in as, some are local services, network services, and some are run by the system. Now try ending a process run by the system… You will get an error saying access denied. What does this mean? It means that even though you may be admin, you are not the most privileged user on your computer, the system is. Once we become the system, we will be able to access ANY folder, registry entry, etc, but you will also be able to kill any system task which can be antivirus, VNC, deepfreeze, etc.

How do we do it?
Alright, the Windows task manager ends programs and processes, but what most people don’t know is that it can also start them. It starts the new processes under the user who it is being run by. You can see this by looking at the taskmgr.exe process; it is being run by you. So in order to start processes as system we must start the task manager as system, and once we do that we can start a new explorer.exe process which will give us full access to ANYTHING. In order to start the task manager under system we must use the Windows scheduler. The scheduler is a built-in Windows program that allows you to run any program at any time.

1. Hit Start -> Run
2. Type “at XX:XX /interactive taskmgr” in the box (without the quotes) where XX:XX is the time one minute ahead of the clock, but in military time. So let's say that it is 4:15 pm. You would type 16:16
3. When 4:16 comes around the task manager will open. What is different? It is now being run by the system, you can check this in the process tab.
4. Kill the explorer process
5. Click File -> New Task and in the box type explorer.exe
6. Your windows should now start loading up again
7. Once it does, look at the user who is logged in at the start menu… SYSTEM… look at explorer.exe in the task manager.. SYSTEM

You now have full access to the computer to do whatever the hell you want.
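
A defender's view of the procedure in the post above, as an added example that is not part of the original thread: it flags the `at ... /interactive` command from step 2 and the taskmgr.exe and explorer.exe processes that then run as SYSTEM. The records and their (time, user, image, cmdline) layout are constructed for illustration and are not a real log schema.

```python
# Added example: triage process-creation records for the scheduler trick above.
# SAMPLE_EVENTS is constructed; the (time, user, image, cmdline) layout is an assumption.
SYSTEM = r"NT AUTHORITY\SYSTEM"
DESKTOP_PROGRAMS = {"taskmgr.exe", "explorer.exe"}  # programs the post starts as SYSTEM

SAMPLE_EVENTS = [
    ("16:15:02", r"WORKSTATION\alice", r"C:\WINDOWS\system32\cmd.exe",
     "cmd.exe /c at 16:16 /interactive taskmgr"),
    ("16:16:00", SYSTEM, r"C:\WINDOWS\system32\taskmgr.exe", "taskmgr"),
    ("16:17:30", SYSTEM, r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    ("09:00:00", r"WORKSTATION\alice", r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    ("02:00:00", r"WORKSTATION\admin", r"C:\WINDOWS\system32\at.exe",
     r"at.exe 02:00 C:\scripts\backup.cmd"),
]

def basename(token):
    """Lower-cased file name of a command-line token or image path."""
    return token.strip('"').rsplit("\\", 1)[-1].lower()

def schedules_interactive_at_job(cmdline):
    """True if the command line runs at / at.exe with the /interactive switch."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        if basename(tok) in ("at", "at.exe"):
            if any(t.lower() == "/interactive" for t in tokens[i + 1:]):
                return True
    return False

def triage(events):
    """Return (time, rule, detail) for each record matching either rule."""
    findings = []
    for time, user, image, cmdline in events:
        if schedules_interactive_at_job(cmdline):
            findings.append((time, "interactive-at-job", user))
        elif user.upper() == SYSTEM and basename(image) in DESKTOP_PROGRAMS:
            findings.append((time, "desktop-program-as-system", basename(image)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```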
 
digidude said:
would this work on a network computer?

just tried this on my works computer
which has user restrictions on it

but when the time came around to load interactive taskmgr

nothing happened.......

it must be blocked somehow

it's winxp professional........ would this make a difference??????
 
I have a works PC which is quite tightly sewn up to stop us changing things or adding things to them.

I will have to give this a go later when no-one is around and on another machine just in case anything goes wrong. I don't want it to be my PC and get asked any awkward questions and get into trouble............lol.
 
Cheers, but what other use is this other than to browse other users' files? Or is that the only use? Sorry for such a stupid question but I'm curious...
 
Falkirk_Bairn said:
Cheers, but what other use is this other than to browse other users' files? Or is that the only use? Sorry for such a stupid question but I'm curious...

i have wondered this as well

the only use i could think of was to bypass the restrictions on my works computer.... so i can change things

but that doesn't work

so i can't think of any other good use!!
 
cheers for that, it's a handy little trick to know, as you say those little devils sometimes get in and won't go, :Cheers:
 
Hi,

I tried it and it did run as SYSTEM. However, it would not run explorer or notepad, etc from the Windows folder. I think it is an NTFS issue on how the company set up the laptop.

It would be good for killing Cyber Nanny or stuff like that!
 
Another method is to boot using a bootCD and reset the administrator password to nothing, this is good when u haven't even got a user account on the machine ;-)

I've used it in the past when people have forgotten their own access password or their kids changed it messing around.

U can find through google :)
 