HackerZer0 Posted May 28, 2008 (edited)

System Shift v1.0 by BLuFeNiX (formerly known as HackerZer0)

Transforms ANY admin account into SYSTEM, reverts back to normal from reboot or revert script.

ONLY FOR WINDOWS XP

The first time you run the script, it will take ~1-2 minutes to set up user environment, after that, it is instantaneous.

YOU MUST HAVE TASKKILL IN SYSTEM32 DIRECTORY

```autoit
#RequireAdmin

Dim $objWMIsrvc, $objItem, $objSrvc
Dim $SrvcList, $strSrvc

; Register a manual-start, own-process (ServiceType 16) service that may
; interact with the desktop and whose command line launches explorer.exe
$objSrvcs = ObjGet("winmgmts:root\cimv2")
$objSrvc = $objSrvcs.Get ("Win32_Service")
$objParams = $objSrvc.Methods_ ("Create") .inParameters.SpawnInstance_ ()
$objParams.Properties_.item ("Name") = "SYSTEMSHIFT"
$objParams.Properties_.item ("DisplayName") = "SYSTEMSHIFT"
$objParams.Properties_.item ("PathName") = "C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\explorer.exe"
$objParams.Properties_.item ("ServiceType") = 16
$objParams.Properties_.item ("ErrorControl") = 0
$objParams.Properties_.item ("StartMode") = "Manual"
$objParams.Properties_.item ("DesktopInteract") = True
$objOutParams = $objSrvc.ExecMethod_ ("Create", $objParams)
ConsoleWrite($objOutParams)

; Close the current user's shell
RunWait(@ComSpec & " /c taskkill /F /IM explorer.exe", '', @SW_HIDE)

; Start the service, then stop and delete it
$strSrvc = "SYSTEMSHIFT"
$objWMIsrvc = ObjGet("winmgmts:root\cimv2")
$SrvcList = $objWMIsrvc.ExecQuery ("Select * from Win32_Service Where Name = '" & $strSrvc & "'")
For $objSrvc in $SrvcList
    $objSrvc.StartService()
    Sleep(100)
    $objSrvc.StopService()
    $objSrvc.Delete()
Next
```

Revert

```autoit
; Close every explorer.exe instance, then exit
While 1
    If ProcessExists("explorer.exe") Then
        ProcessClose("explorer.exe")
    Else
        Exit
    EndIf
Wend
```

Edited May 28, 2008 by HackerZer0
spudw2k Posted May 29, 2008
Very interesting, kinda surprised. Is there any practical reason to do such, besides having SYSTEM Priv?
HackerZer0 Posted May 29, 2008
Not really, it's easier to edit system files without registry tweaks. You have full access to the System Volume Information folder in the root of the C: drive... There's a few other things I found cool about it, but I can't remember what they are.. Test it out though... If you find something interesting then let us know!
Delta Posted May 29, 2008
Been looking for something like this. Thank you
ptrex Posted May 30, 2008
@HackerZer0 Very nice one !! Regards, ptrex
HackerZer0 Posted May 30, 2008
@Deltaforce229 No prob! @ptrex thx : )
BLuFeNiX Posted May 31, 2008
That is an AMAZING script!!! If it wasn't free... I'd buy it! lol j/k (well, cause i did make it) http://blufenix.net
aNewLyfe Posted June 2, 2008
can anybody give an example how can i use this ? :S
A. Percy Posted June 2, 2008
Impressive!!
GHOSTSKIKDA Posted June 2, 2008
Thanks for this work ...!
emoyasha Posted June 17, 2008
This is a life saver, here is an amazing example. OK, so say you are infected with a virus, but you do not have permission to end the process, or access/delete the file. This program saved one of my clients' computers. It actually made explorer.exe run, then gave me full access to stop all the virus processes by running spyware/virus removing programs under SYSTEM and Task Manager under SYSTEM, as well as allowing me to access and delete files and folders manually that were created by the virus. This is simply amazing, and a total life and time saver.
mrbond007 Posted June 17, 2008
Alternative way
spudw2k Posted July 9, 2008 (edited)

Alternative way

Code to automate this.

```autoit
#RequireAdmin

SplashTextOn("","Please Wait...Loading...",@DesktopWidth * .225,@DesktopHeight * .1,-1,-1,33,"Lucida Console",@DesktopHeight * .0125,600)

; Wait for a moment that is not about to roll over to the next minute or hour
Do
    sleep(500)
    $varHour = @HOUR
    $varMin = @MIN
    $varSec = @SEC
Until $varSec <= 54 and $varMin <= 58

; Schedule an interactive CMD.EXE with AT for the next minute, then move
; the clock to second 57 so the job fires almost immediately
$varTime = TimerInit()
$strCmd = @ComSpec & " /C AT " & $varHour & ":" & $varMin + 1 & " /INTERACTIVE CMD.EXE"
RunWait($strCmd,"",@SW_HIDE)
_SetTime($varHour,$varMin,57)

; Wait up to 5 seconds for the scheduled window to appear
Do
    Sleep(250)
    If TimerDiff($varTime) > 5000 Then
        SplashTextOn("","Whoops! Failed to run. Hmmm?",@DesktopWidth * .225,@DesktopHeight * .1,-1,-1,33,"Lucida Console",@DesktopHeight * .0125,600)
        sleep(2500)
        SetError(1)
        Exit
    EndIf
Until WinExists("C:\WINDOWS\System32\svchost.exe")

$varTime = $varSec + Round(TimerDiff($varTime) / 1000)
If $varTime >= 60 Then
    $varMin += 1
    $varSec -= 60
EndIf
Exit

; On exit: restore the clock and delete the AT job files
Func OnAutoItExit()
    _SetTime($varHour,$varMin,$varTime)
    SplashOff()
    Run(@Comspec & " /c del " & @WindowsDir & "\Tasks\At*","",@SW_HIDE)
EndFunc

; Set the local time through kernel32 GetLocalTime/SetLocalTime
Func _SetTime($iHour, $iMinute, $iSecond = 0)
    Local $iRetval, $SYSTEMTIME, $lpSystemTime
    If $iHour < 0 Or $iHour > 23 Then Return 1
    If $iMinute < 0 Or $iMinute > 59 Then Return 1
    If $iSecond < 0 Or $iSecond > 59 Then Return 1
    $SYSTEMTIME = DllStructCreate("ushort;ushort;ushort;ushort;ushort;ushort;ushort;ushort")
    $lpSystemTime = DllStructGetPtr($SYSTEMTIME)
    $iRetval = DllCall("kernel32.dll", "long", "GetLocalTime", "ptr", $lpSystemTime)
    DllStructSetData($SYSTEMTIME, 5, $iHour)
    DllStructSetData($SYSTEMTIME, 6, $iMinute)
    If $iSecond > 0 Then DllStructSetData($SYSTEMTIME, 7, $iSecond)
    $iRetval = DllCall("kernel32.dll", "long", "SetLocalTime", "ptr", $lpSystemTime)
    $iRetval = DllCall("kernel32.dll", "long", "SetLocalTime", "ptr", $lpSystemTime)
    If @error = 0 Then
        If $iRetval[0] = 0 Then
            Local $lastError = DllCall("kernel32.dll", "int", "GetLastError")
            SetExtended($lastError[0])
            SetError(1)
            Return 0
        Else
            Return 1
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
EndFunc
```

*edit: Whoops! Bug in code not setting time if errors out. Moved to Exit func.

Edited July 11, 2008 by spudw2k
LeoPennworks Posted July 9, 2008
man, i can think of about 20 billion uses for this. great idea!
wilcomail Posted July 17, 2008
Man this little ditty is brilliant! Thank you very much.
MyName Posted July 17, 2008
Nice One !
Mobius Posted July 17, 2008 (edited)

*Bows* Brilliant work!

Not Hijacking related sort of! Users that use the XP logon screen can also login as System from here with this simple Reghack, which uses the screensaver ability of winlogon. Quick n dirty code but it's saved my ass once or twice. Pressing CTRL+ALT+DEL will kick you back to logon. Wouldn't recommend using explorer as your hook program, better to use an alternate shell like litestep or blackbox or just a program that stays resident and can execute other programs.

```autoit
#RequireAdmin
DIM $s_Program,$i_Timer

IF $CmdLine[0] = 2 THEN
    $s_Program = $CmdLine[1] ; "FullPath" or Program name in %PATH% | %SystemRoot% etc
    $i_Timer = $CmdLine[2] ; Time in seconds to wait before syslogon
    _SlogRegHak($s_Program,$i_Timer)
ELSE
    MsgBox(64,"Slog :: Example","SLOG.au3 explorer.exe 60")
ENDIF
EXIT
;
; Point the logon-desktop screensaver (HKEY_USERS\.DEFAULT) at the given program
FUNC _SlogRegHak($s_P,$i_T)
    RegWrite("HKEY_USERS\.DEFAULT\Control Panel\Desktop","SCRNSAVE.EXE","REG_SZ",$s_P)
    RegWrite("HKEY_USERS\.DEFAULT\Control Panel\Desktop","ScreenSaveActive","REG_SZ","1")
    RegWrite("HKEY_USERS\.DEFAULT\Control Panel\Desktop","ScreenSaverTimeOut","REG_SZ",$i_T)
ENDFUNC
```

Edited July 17, 2008 by MOBIUS
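
Each of the three scripts in this thread leaves a distinctive artifact: a desktop-interactive service whose PathName is a shell, an `AT ... /INTERACTIVE` command line, and a non-screensaver program in `SCRNSAVE.EXE` under `HKEY_USERS\.DEFAULT\Control Panel\Desktop`. The following audit is an added example, not code from any poster in the thread; the record layout, the function names, the shell list and the sample records are assumptions constructed for illustration.

```python
import ntpath
import re

# Images that are interactive shells, not service binaries (assumed list).
SHELLS = {"cmd.exe", "explorer.exe"}
AT_INTERACTIVE = re.compile(r"\bat(?:\.exe)?\s.*?/interactive\b", re.IGNORECASE)

def image_name(command_line):
    """Lower-cased file name of the first token of a command line (quoted or bare)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command_line or "")
    return ntpath.basename(m.group(1) or m.group(2)).lower() if m else ""

def audit_services(services):
    """Names of services that may interact with the desktop and launch a shell."""
    return [s["Name"] for s in services
            if s.get("DesktopInteract") and image_name(s.get("PathName")) in SHELLS]

def audit_commands(command_lines):
    """Command lines that schedule an AT job with /INTERACTIVE."""
    return [c for c in command_lines if AT_INTERACTIVE.search(c)]

def audit_logon_screensaver(values):
    """True if the logon-desktop screensaver is active and is not a .scr file.
    A renamed executable with a .scr extension would not be caught by this check."""
    program = values.get("SCRNSAVE.EXE", "")
    return (values.get("ScreenSaveActive") == "1"
            and bool(program) and not program.lower().endswith(".scr"))

# Constructed sample records (Win32_Service-style properties), not from a real host.
SERVICES = [
    {"Name": "SYSTEMSHIFT", "DesktopInteract": True,
     "PathName": r"C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\explorer.exe"},
    {"Name": "ExampleInteractiveSvc", "DesktopInteract": True,
     "PathName": r'"C:\Program Files\Example\svc.exe" -run'},
    {"Name": "ExampleHostedSvc", "DesktopInteract": False,
     "PathName": r"C:\WINDOWS\system32\svchost.exe -k netsvcs"},
]
COMMANDS = [
    r"C:\WINDOWS\system32\cmd.exe /C AT 14:31 /INTERACTIVE CMD.EXE",
    r"at 02:00 C:\scripts\backup.cmd",
]
LOGON_DESKTOP = {"SCRNSAVE.EXE": "explorer.exe", "ScreenSaveActive": "1",
                 "ScreenSaverTimeOut": "60"}

if __name__ == "__main__":
    print("suspicious services:", audit_services(SERVICES))
    print("interactive AT jobs:", audit_commands(COMMANDS))
    print("logon screensaver replaced:", audit_logon_screensaver(LOGON_DESKTOP))
```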