DaUberBird Posted November 1, 2006

After looking at Windows XP exploits etc., I was able to make a script that creates a service which runs a program. I was having trouble getting the thing to run something out of the System32 directory, so if the program is not in the system32 directory, it will create a shortcut to it that can be run. This will NOT work in guest accounts or limited accounts, so you can't hack your friend's computer =(.

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author:         DaUberBird
;
; ----------------------------------------------------------------------------

; Script Start - Add your code below here

$filename = InputBox("System Run As", "Enter the name of the .exe you want to run.")
$workindir = InputBox("System Run As", "Enter the name of the working directory it is in." & @LF & "(Leave blank if in system32 or in current directory)")

If $workindir = "" Then
    _SystemServicesRun($filename)
Else
    _SystemServicesRun($filename, $workindir)
EndIf

; Runs a program at system level by creating a service and running it.
; When using, don't put in a whole file path.
; Examples:
;   Running a command prompt at system level:
;     _SystemServicesRun("cmd")
;   Running C:\Documents and Settings\Username\Desktop\myexe.exe:
;     _SystemServicesRun("myexe.exe", "C:\Documents and Settings\Username\Desktop")
Func _SystemServicesRun($name, $workingdir = @ScriptDir)
    $systemfile = 0
    $shortcutpath = @SystemDir & "\tmpshortcut.lnk"
    ; Checks if the file is in the working dir given without a trailing \
    If FileExists($workingdir & "\" & $name) = 1 Then
        $filepath = $workingdir & "\" & $name
        FileCreateShortcut($filepath, $shortcutpath)
        $name = "tmpshortcut.lnk"
    Else
        ; Checks if the file is in the working dir given with a trailing \
        If FileExists($workingdir & $name) = 1 Then
            $filepath = $workingdir & $name
            FileCreateShortcut($filepath, $shortcutpath)
            $name = "tmpshortcut.lnk"
        Else
            ; If it is not in the dir with or without a "\", assume it is in the system32 folder
            $systemfile = 1
        EndIf
    EndIf
    ; creates a service called runsyslevel<name> that runs the program
    $first = Run('sc.exe create runsyslevel' & $name & ' binpath= "cmd /C start ' & $name & '" type= own type= interact', "", @SW_HIDE)
    ProcessWaitClose($first)
    ; runs the service
    $second = Run("sc.exe start runsyslevel" & $name, "", @SW_HIDE)
    ProcessWaitClose($second)
    ; deletes the service
    $third = Run("sc.exe delete runsyslevel" & $name, "", @SW_HIDE)
    ProcessWaitClose($third)
    If $systemfile = 0 Then
        ; If a shortcut was created, delete it
        FileDelete($shortcutpath)
    EndIf
EndFunc

Attachment: SystemLevelRun.au3
HackerZer0 Posted November 27, 2006

Or you could just use THIS... which logs you on as the system account, so any program run will be from SYSTEM... Don't worry, the delay where everything disappears is supposed to happen; you should only be concerned if it happens for longer than 59 seconds...

$file = FileOpen("System Shift.bat", 1)
; Schedule the job for the next minute; keep two digits and wrap past :59 so "at" accepts the time
$hour = @HOUR
$min = @MIN + 1
If $min > 59 Then
    $min = 0
    $hour = Mod(@HOUR + 1, 24)
EndIf
$time = StringFormat("%02d:%02d", $hour, $min)
$p = "explorer.exe"
FileWriteLine($file, "@echo off")
FileWriteLine($file, "at " & $time & " /interactive " & $p)
FileWriteLine($file, "del %0")
FileClose($file)
; A batch file has to be run through the command interpreter
Run(@ComSpec & ' /c "System Shift.bat"')
Sleep(100)
Run("taskmgr.exe")
WinWaitActive("Windows Task Manager")
; The click coordinates below assume the window is moved to this position
WinMove("Windows Task Manager", "", 321, 138)
Sleep(40)
MouseClick("left", 431, 203, 1)
Sleep(40)
MouseClick("left", 536, 365, 1)
Sleep(40)
Send("explorer")
Sleep(40)
MouseClick("left", 650, 532, 1)
Sleep(40)
MouseClick("left", 475, 450, 1)
ProcessClose("taskmgr.exe")

Have fun... you can now access the System Volume Information folder in the C: (or whatever your main drive is) drive... and other things.
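Both techniques in this thread leave a distinctive record on the host: creating a service with sc.exe writes a Service Control Manager event 7045 ("A service was installed in the system") to the System log, and an at.exe job shows up as a process-creation event 4688 in the Security log when command-line auditing is enabled. The following detector is an added example written from the defender's side; it is not code from either post. The event lines are constructed here in a simplified key=value form that stands in for the real event fields (ServiceName, ServiceFileName, NewProcessName, CommandLine), and the rules flag what is characteristic of these tricks: a service whose "binary" is a command interpreter or a non-.exe such as a shortcut, and an at.exe job created with /interactive.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample events (not taken from the thread). The format is a
# simplification of the Windows event fields used for illustration only.
SAMPLE_EVENTS = [
    "EventID=7045 ServiceName=Spooler ServiceFileName=C:\\WINDOWS\\system32\\spoolsv.exe "
    'ServiceType="user mode service" ServiceAccount=LocalSystem',
    'EventID=7045 ServiceName=runsyslevelcmd ServiceFileName="cmd /C start cmd" '
    'ServiceType="user mode service" ServiceAccount=LocalSystem',
    'EventID=7045 ServiceName=runsyslevelmyexe.exe ServiceFileName="cmd /C start tmpshortcut.lnk" '
    'ServiceType="user mode service" ServiceAccount=LocalSystem',
    "EventID=4688 NewProcessName=C:\\WINDOWS\\system32\\at.exe "
    'CommandLine="at 14:06 /interactive explorer.exe"',
    "EventID=4688 NewProcessName=C:\\WINDOWS\\system32\\at.exe "
    'CommandLine="at 02:00 backup.cmd"',
]

# key=value pairs; a quoted value may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Interpreters that a legitimate service binary path does not start with.
INTERPRETERS = ("cmd", "cmd.exe", "command.com")


@dataclass
class Finding:
    event_id: str
    subject: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed event line into a field dict, stripping quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def service_install_reason(ev: Dict[str, str]) -> Optional[str]:
    """Return why a 7045 event looks like a program launched through a service, or None."""
    tokens = ev.get("ServiceFileName", "").split()
    if not tokens:
        return None
    # First token is the image; keep only its file name, case-folded.
    image = tokens[0].lower().rsplit("\\", 1)[-1]
    if image in INTERPRETERS:
        return "service binary is a command interpreter, not a service executable"
    if not image.endswith(".exe"):
        return "service binary is not an .exe"
    return None


def scheduled_job_reason(ev: Dict[str, str]) -> Optional[str]:
    """Return why a 4688 event looks like an interactive at.exe job, or None."""
    image = ev.get("NewProcessName", "").lower().rsplit("\\", 1)[-1]
    args = ev.get("CommandLine", "").lower().split()
    if image == "at.exe" and "/interactive" in args:
        return "at.exe job created with /interactive (runs on the console as SYSTEM)"
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run both rules over the event lines and collect findings in input order."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID", "")
        reason = None
        subject = "?"
        if eid == "7045":
            reason = service_install_reason(ev)
            subject = ev.get("ServiceName", "?")
        elif eid == "4688":
            reason = scheduled_job_reason(ev)
            subject = ev.get("CommandLine", "?")
        if reason:
            findings.append(Finding(eid, subject, reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.subject}: {f.reason}")
```

The service rule fires on the second and third sample lines (an interpreter as the service image) and stays quiet on the Spooler line, while the scheduled-job rule singles out the /interactive job and ignores a plain timed backup. On a real host the same fields come from the System and Security logs; the interpreter-as-service-binary check also catches the 1053 start timeouts such services produce, since a cmd /C start wrapper never reports to the Service Control Manager.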