Open a command prompt with system rights in Vista (and XP)

Published April 13, 2008 |

First of all, download psexec from the Microsoft website.
http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

From and elevated/admin command prompt (cmd.exe, "run as administrator"), run psexec –s cmd.exe

C:\>whoami
peter

C:\>psexec -s cmd.exe

PsExec v1.83 – Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals – www.sysinternals.com

C:\Windows\system32>whoami
nt authority\system

C:\Windows\system32>exit
cmd.exe exited on LAPTOP1 with error code 0.

C:\>

Type ‘exit’ to exit the "system" command prompt.
You can launch any other tool from that prompt, and it will inherit your system rights

Posted in Windows Client OS | Tagged cmd-with-system-privileges-win-xp, cmd-with-system-rights, command prompt, command-prompt-system-right, elevate-command-prompt-exploit-vista, elevated-cmd-exploit, how-to-open-elevated-command-prompt-psexec, metasploit-command-prompt-system-rights, open-command-prompt-system, psexec, psexec-elevated-command-prompt, psexec-start-elevated-command-prompt, psexec-v1-83-download, psexec-with-elevated-cmd-exe, psexec-xp-whoami, russinovich, sysinternals, system permissions, vista, xp

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::