Elevation of Privilege in Windows Vista.

Written by Xaus Xavier Nadal on November 2nd, 2008

Good afternoon.

Late last Friday at work I got to test NewSID 4.10 on Windows Vista. I knew it did not work, but some friends assured me that it did, and even showed me, after detecting that they had 3 machines with the same SID in Windows Vista and running the program on them. So I decided to do a "proof of concept" of NewSID on my own PC ("silly me for not doing it in a test environment, but oh well"). We tried it in 2 ways:

1.- Without removing the PC from the domain (which makes little sense, because what the machine SID is really for is telling one computer from another in a domain; more or less, you know what I mean). But things have to be tried, as they often surprise us and we detect a new bug or a new method to skip the protection. XD.

I could go on through the program: host name, restart after finishing .... (Wow, it works ...), but after a long time waiting for the process to finish, and seeing after 15 minutes of waiting that it was going nowhere, I stopped the program and removed the PC from the domain, after checking that the local user I had not used for a long time had the password I wanted and was a system administrator (1 point for me).

2.- With the PC removed from the domain:

Indeed it does not work: it gives an error at the start of the program and cannot continue in any way. I was right (2 points for me).

Having confirmed that NewSID does not work on Windows Vista, I rebooted the computer to rejoin the PC to the domain.

What a surprise when I logged in to my local administrator session, went to join the computer to the domain, and it would not let me because it says that this user is a local administrator. Well, no problem, I have another local administrator user; I tried it and got the same. (What had happened is that all local administrators had lost their credentials, so I could not join my computer to the domain due to lack of privileges.)

Well, the weekend arrived and with it the time to devote to hacking my own PC, so I took the computer home to bring it back hacked on Monday (or so I hoped; I am very stubborn and do not stop until I find the solution to a problem, whenever I have time available of course).

When I got home I took out my dear NT Password Recovery; I remembered that it could add a selected user to the "Administrators" group, even though that was in beta testing. And …. I did not manage it. Shit. I looked for registry keys to modify to give local administrator permissions, because I assumed that if NewSID had managed to remove administrator permissions just by modifying registry keys I could do a rollback and be done, but I did not manage to find anything. Well, yes: the only thing I found was information on how to enable the (hidden) Administrator user in Windows Vista using the command net user administrator /active:yes but of course that also has to be done as a user with administrator privileges.

I decided to google and, as always, learned a lot thanks to all the people who publish articles of interest to others. One of the things that surprised me most was how to give myself permissions on registry keys in SYSTEM mode through a utility from Microsoft itself; here I leave the link: This could already be done from the NT Password Recovery utility, but this was much easier: you just give your user permissions on whichever registry key you like and then modify it with regedit. You can find more information on this in:


Not knowing which registry keys I had to touch, I discarded this fairly quickly and kept looking until I found the solution to my problem.

Here is a brief summary (do not do this without adult hacker supervision).

From a command line with NTFS access, such as Hiren's with its Volkov Manager application, or from a graphical environment such as Bart's PE with the A4FileManager application ... you must rename utilman.exe and copy cmd.exe in its place, as I show below:

ren utilman.exe utilman._exe
copy cmd.exe utilman.exe

With these steps the cmd.exe command keeps working, and the utilman.exe command now runs a command line with administrator privileges, since Windows executes this application as the SYSTEM user by default when it is launched from the logon screen.

Once the files are renamed, restart the computer and, on the logon screen where you are asked for the user and password to access your session, click the accessibility symbol at the bottom left (formerly utilman.exe, now a command line with administrator privileges). Everything run from this command line will have administrator privileges. So we run compmgmt.msc to open the user management console and create a local user, add it to the Administrators group and that's it: we can log in with a user created by us, without having needed local administrator permissions or anything like that, in a very simple way.
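
A defender's check for the swap described above, as an added example that is not part of the original post: it flags a System32 folder (live, or from a mounted disk image) where utilman.exe is a byte-for-byte copy of cmd.exe or where the renamed utilman._exe has been left behind. The function names and the stub sample files are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_system32(system32):
    """Return findings that match the utilman.exe/cmd.exe swap from the article."""
    # NTFS names are case-insensitive; a mounted image may not be, so index by lower case.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    utilman, cmd = files.get("utilman.exe"), files.get("cmd.exe")
    if utilman is None:
        findings.append("utilman.exe is missing")
    elif cmd is not None and sha256_of(utilman) == sha256_of(cmd):
        findings.append("utilman.exe is byte-identical to cmd.exe")
    # The article's rename step leaves the original behind under this name.
    if "utilman._exe" in files:
        findings.append("renamed original utilman._exe is present")
    return findings


def build_sample(swapped):
    """Constructed stand-in for System32 (stub bytes, not real binaries)."""
    folder = Path(tempfile.mkdtemp())
    (folder / "cmd.exe").write_bytes(b"MZ constructed cmd stub")
    if swapped:
        (folder / "utilman._exe").write_bytes(b"MZ constructed utilman stub")
        (folder / "Utilman.exe").write_bytes(b"MZ constructed cmd stub")
    else:
        (folder / "Utilman.exe").write_bytes(b"MZ constructed utilman stub")
    return folder


if __name__ == "__main__":
    for label, swapped in (("clean", False), ("swapped", True)):
        print(label, check_system32(build_sample(swapped)))
```

Point check_system32 at the c:\windows\system32\ folder of the machine or image being examined; an empty list means neither trace of the swap was found.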

This "Human-Exploit" I found at: Thanks very much for the help.

What we still do not understand is how the hell they changed the SID on a Windows Vista machine without running sysprep. I hope to find out, and I will explain it.

Greetings Megacracks.

PS: This procedure is also useful for Windows XP.

11 Responses to "Elevation of Privilege in Windows Vista."

  1. zascan Says:

    Hello, I have had the same problem as you, but I fear that I have less knowledge to solve it ;).
    I had read elsewhere about the trick of renaming the file and replacing utilman.exe with cmd.exe, but I could not do it because I do not have administrator privileges. You allude to two tools, Volkov Manager and A4FileManager, but I have not found much information on how to download and use them. It would be very helpful if you could give me information on this, as I have tried everything I could think of and nothing has worked when working from a guest account.
    Greetings and thanks.

  2. XaviXaus Says:


    I recommend that you download the Hiren's CD, which includes the Volkov Manager application; you can use the following hyperlink

  3. Codigo82 Says:

    The same thing happened to me and I solved it in a very simple way: in Hiren's there is a utility, Active Password Changer, with which you can activate the admin account, delete the password and some other things.

    Greetings.

  4. John Says:

    Hey man, I had the same problem with NewSID and did all the steps you say, but I cannot make a bootable USB: running grubinst_gui does not work (which, by the way, I run on another PC, since mine will not let me install anything, as it asks me ... for administrator privileges). With what other software can I make a bootable USB?

  5. Marco Says:

    Hi, I have the same problem: a program I was installing asked me to install NewSID first. I cancelled the installation, rebooted, and everything was like new: no files, no administrator permissions, nothing. I put Hiren's on my USB so as to boot from it, but as I said, I have no permission to do that, and when I try to start Volkov it says it does not recognize it. I hope you can help me recover my information. Thanks.

  6. XaviXaus Says:

    Hi Marco, to perform the steps mentioned in the article you need to boot from a bootable USB or a CD; you need to enter MS-DOS mode, not do it from Windows. Can you give me more information about how you are doing the renaming?

  7. Marco Says:

    Hello, yes, look, I made a CD and I could get into Hiren's. Now, up there you put that we should not do this without supervision, but I have been doing so; you leave out some steps and one really has to use logic in order to proceed.
    Well, the only one it lists is called Volkov Commander; I went in there and followed the steps, but I do not know how to proceed.

    Thank you

  8. Marco Says:

    Hello, I got into Volkov Commander, but it does not appear as Manager, just like that. Well, I got through a few steps and kept going, but nowhere do I see the utilman.exe or cmd.exe files, so a little help finding them would be nice.

    Thank you

  9. XaviXaus Says:

    Hi Marco,

    The path to the files you need to rename is c:\windows\system32\
    Sorry for not putting it in the main article. I will improve it for better understanding.


  10. jose towers Says:

    Hello, I wanted to install a program on my computer and it does not install because it requires elevation, and I want to know what elevation means. Can you help me, please?

  11. xavixaus Says:

    Hi Jose,

    Elevation is an authorization by UAC (which is responsible for protecting your computer). To get it, either you lower the UAC requirements from the Control Panel, which I do not recommend, or, only for this time and knowing that the program you are installing is legitimate, you use the following procedure:

    Press the Windows key and type cmd (you will see a list); the first entry should be the CMD.EXE program. Right-click on cmd.exe and click Run as administrator.
    Now you have a command line window with almost the highest privileges; everything you run from this window will run with elevated privileges.

    Now just go, from this window, to the path where you were running the program (cd .. cd .. d:, etc.) and run the program.

    Et voilà. If you have any questions, feel free to comment.

