Haztelo Tu

Do It Yourself

Obtaining SYSTEM privileges on Windows XP

Have you ever had a process that you could not kill, or a service that you could not stop?

The process or service may belong to SYSTEM or have been launched by it, or you may simply lack the privileges, for example to deactivate an antivirus on a PC over remote desktop.

All these problems could be solved if we could log on to the PC as the SYSTEM user, or at least run things with its privileges, and that is what we are going to explain how to do.

The first thing we need is a user that is allowed to use the task scheduler (the "AT" command).

Go to the Start menu, choose the "Run" option and enter "cmd.exe" to open an MS-DOS window (yes, I know, in Windows XP it's called something else).

Next, run the command "at HH:MM /interactive cmd.exe", where HH:MM is the time shown on the PC's clock.

Without closing this window, wait about a minute and a new window will appear.

As we can see from the window titles, the first one, the one we opened, is "cmd.exe", and the one the task scheduler opened is "svchost.exe".

If we open the Windows Task Manager (Ctrl+Shift+Esc) and look at the Processes tab, we'll see that the user who launched the first window is our own user, while the one who launched the second is SYSTEM, and everything we run from that window will run as the SYSTEM user with all its rights.

For example, if we run "calc.exe" to open the calculator and then look at the Windows Task Manager, we can see that the calculator is also running as SYSTEM.

Likewise, if we close the process "explorer.exe" and from the "svchost.exe" window run the command "explorer.exe", we start a new shell session as the SYSTEM user with all its rights.

To go back to our own user, we just close that "explorer.exe" process and start a new one from the "cmd.exe" window, which starts a session as our user again.
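From the defender's side, the procedure above leaves two things on the machine that are easy to check for: an AT job created with /interactive, and a cmd.exe or explorer.exe owned by SYSTEM. The script below is an added example, not code from the original post; it assumes PowerShell 2.0 or later with WMI access and is run from an administrator account, and the function name is my own.

```powershell
# Added example (not part of the original post): flag the two artefacts the
# "at HH:MM /interactive cmd.exe" trick leaves behind on a Windows host.
# Assumes PowerShell 2.0+ with WMI access, run from an administrator account.

function Get-InteractiveSystemShellFindings {
    $findings = @()

    # 1. AT jobs are exposed through Win32_ScheduledJob; InteractWithDesktop is
    #    the /interactive switch. Any such job runs as SYSTEM on the console.
    foreach ($job in @(Get-WmiObject -Class Win32_ScheduledJob)) {
        if ($job.InteractWithDesktop) {
            $findings += New-Object PSObject -Property @{
                Kind   = 'Interactive AT job'
                Detail = ('JobId {0}: "{1}" at {2}' -f $job.JobId, $job.Command, $job.StartTime)
            }
        }
    }

    # 2. cmd.exe and explorer.exe normally belong to the logged-on user. When
    #    SYSTEM owns one and its parent is svchost.exe (the process hosting the
    #    scheduler service), someone has most likely already run this procedure.
    $watched = @('cmd.exe', 'explorer.exe')
    foreach ($proc in @(Get-WmiObject -Class Win32_Process)) {
        if ($watched -notcontains $proc.Name) { continue }
        $owner = $proc.GetOwner()
        if ($owner.ReturnValue -ne 0 -or $owner.User -ne 'SYSTEM') { continue }
        $parent = Get-WmiObject -Class Win32_Process -Filter ("ProcessId = {0}" -f $proc.ParentProcessId)
        $parentName = if ($parent) { $parent.Name } else { 'unknown' }
        $findings += New-Object PSObject -Property @{
            Kind   = 'Shell running as SYSTEM'
            Detail = ('PID {0}: {1}, parent {2}' -f $proc.ProcessId, $proc.Name, $parentName)
        }
    }
    return $findings
}

$result = @(Get-InteractiveSystemShellFindings)
if ($result.Count -eq 0) {
    Write-Host 'No interactive AT jobs or SYSTEM-owned shells found.'
} else {
    $result | Format-Table Kind, Detail -AutoSize
}
```

Creating AT jobs requires membership in the local Administrators group, so this is a step from an administrator account to SYSTEM, not an escalation from a standard user. The scheduler service runs inside svchost.exe, which is why the spawned window carries that title and why the parent-process check above is useful.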

Posted: Mar 03 2009, 05:04 PM by lowtech | with 1 comment(s)