If you think Administrator has the highest privileges on the computer, then you are wrong. There is a user named SYSTEM. SYSTEM has full control of the operating system and its kernel. If you open Windows Task Manager (press Ctrl+Alt+Delete) you will see that the SYSTEM user owns several processes. These processes cannot be ended by Administrator. In this tutorial we will see how to trick Windows into running our desktop as SYSTEM, so we get much greater privileges over the computer.
Here we go:
1. Open a command prompt and type:
If it responds with an “Access denied” error, then we are out of luck and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with entries already in the list) then we are good. Access to the at command varies: on some installations of Windows even the Guest account can use it, on others it’s limited to Administrator accounts.
2. If you can use the at command, which is basically a task scheduler, enter a command similar to mine:
at 23:27 /interactive "cmd.exe"
The time should be a minute (or two) ahead of your present time, in 24-hour format.
3. When the system clock reaches the time you set, a new command prompt will magically appear. The difference is that this one is running with SYSTEM privileges (because it was started by the Task Scheduler service, which runs under the Local System account). It should look like this:
You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host).
4. End the current explorer.exe process (Ctrl+Alt+Del -> Task Manager -> Processes).
5. At the SYSTEM command prompt, enter the following:
6. Hurray! …user System logged in!
FIX: Open the Services control panel (Start > Run > services.msc) and disable the Task Scheduler service.
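As an added example that is not part of the original tutorial, the defender's side of this trick: a small Python detector that parses process-creation records and flags its three observable stages, an interactive at job being scheduled, a SYSTEM cmd.exe spawned from the scheduler host, and explorer.exe running as SYSTEM. The record layout and the sample lines are assumptions constructed for the example (modelled loosely on the fields of Windows Security event 4688); real logs need their own parser.

```python
import re

# Constructed process-creation records (subject user, creator process,
# new process, command line). Made up for this example, not captured logs.
SAMPLE_EVENTS = [
    'user=WORKSTATION\\alice parent=cmd.exe new=at.exe cmdline="at 23:27 /interactive cmd.exe"',
    'user=NT AUTHORITY\\SYSTEM parent=svchost.exe new=cmd.exe cmdline="cmd.exe"',
    'user=NT AUTHORITY\\SYSTEM parent=cmd.exe new=explorer.exe cmdline="explorer.exe"',
    'user=WORKSTATION\\alice parent=explorer.exe new=notepad.exe cmdline="notepad.exe"',
    'user=NT AUTHORITY\\SYSTEM parent=services.exe new=svchost.exe cmdline="svchost.exe -k netsvcs"',
]

# Assumed record format for this example only.
EVENT_RE = re.compile(
    r'user=(?P<user>.+?) parent=(?P<parent>\S+) new=(?P<new>\S+) cmdline="(?P<cmdline>.*)"'
)
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def parse_event(line):
    """Split one record into its fields; returns None for lines that do not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def classify(ev):
    """Return the name of the matching detection rule, or None for benign events."""
    new = ev["new"].lower()
    is_system = ev["user"].upper() == SYSTEM_USER
    if new == "at.exe" and "/interactive" in ev["cmdline"].lower().split():
        return "at_interactive_job"              # step 2: interactive job scheduled
    if new == "explorer.exe" and is_system:
        return "explorer_as_system"              # steps 5-6: a SYSTEM desktop shell
    if new == "cmd.exe" and ev["parent"].lower() == "svchost.exe" and is_system:
        return "cmd_from_scheduler_as_system"    # step 3: noisier, review the context
    return None

def detect(lines):
    """Run every record through the rules; returns [(rule, line), ...] for the hits."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        rule = classify(ev)
        if rule:
            hits.append((rule, line))
    return hits

if __name__ == "__main__":
    for rule, line in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {line}")
```

The page's fix, disabling the Task Scheduler service, removes the path entirely; a rule like this is the complementary check for hosts where the service has to stay enabled.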