Post #1 (Apr 28 2007, 11:58 AM)
Newbie [ Level 2 ] Group: Members Posts: 16 Joined: 9-April 07 Member No.: 21,372
I found this when I accidentally put CMD in my task manager:

________________________________________________________________

To start, let's open up a command prompt (Start > Run > cmd > PRESS ENTER). At the prompt, enter the following command, but replace 15:25 with 2 mins after current system time:

```
at 15:25 /interactive "cmd.exe"
```

(Don't forget to replace 15:25 with 2 minutes after current system time.)

At the time set, a new CMD box will magically appear. You'll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Close the first CMD box but leave svchost open.

Now press CTRL+ALT+DEL. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.

In the command prompt that remains, type explorer.exe

A desktop will come back up, but what's this? It isn't your desktop. Go to the start menu and look at the user name; it should say "SYSTEM". Also open up task manager again, and you'll notice that explorer.exe is now running as SYSTEM.

The easiest way to get back into your own desktop

You are now the God of the Windows machine

Abnormalities & experimentation

I've noticed different results depending on the service pack and hot fixes installed; for example, sometimes when I try to open the user control panel applet, I get an error saying user not recognized, and the location where the Local System account profile is stored also varies. I haven't had much time to explore this, so if you find anything else, please use the email address found in the contact section of this article, and send a note my way.

A quick fix

A way to prevent this from happening at all would be to make the task scheduler service run under an unprivileged account. You can do this by opening the services control panel (Start > Run > services.msc), right clicking "Task Scheduler" and going to the Log On tab. Change it to "This Account" and enter the account information you want it to use (has to be an existing account), then restart the service. This may break some programs that use the Task Scheduler and depend on it for SYSTEM access; you have been warned. Otherwise, simply disable the Task Scheduler service.

This post has been edited by XPkiller: Apr 28 2007, 12:00 PM
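
Added example, not part of the original post or thread: a small Python check for the two signals post #1 describes, an `at` job scheduled with `/interactive` and `explorer.exe` running as SYSTEM. The `user|image|command line` record format, the sample records and the rule names are constructed for illustration.

```python
import re
from ntpath import basename

# Constructed sample records (not a real log format): user|image path|command line
SAMPLE = r"""
WORKSTATION\student|C:\WINDOWS\system32\at.exe|at 15:25 /interactive "cmd.exe"
WORKSTATION\student|C:\WINDOWS\system32\at.exe|at 02:00 /every:M,T,W backup.bat
WORKSTATION\student|C:\WINDOWS\explorer.exe|C:\WINDOWS\explorer.exe
NT AUTHORITY\SYSTEM|C:\WINDOWS\system32\cmd.exe|cmd.exe /c cleanup.bat
NT AUTHORITY\SYSTEM|C:\WINDOWS\explorer.exe|explorer.exe
WORKSTATION\admin|C:\WINDOWS\system32\at.exe|AT \\fileserver 23:00 /INTERACTIVE notepad.exe
"""

TIME = re.compile(r"^\d{1,2}:\d{2}$")
SHELLS = {"cmd.exe", "cmd", "explorer.exe"}  # programs that hand over a full session

def parse_at(cmdline):
    """Parse an at.exe command line; return None unless it schedules a job."""
    job = {"host": None, "time": None, "interactive": False, "command": None}
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)[1:]  # drop the leading "at"
    for i, tok in enumerate(tokens):
        low = tok.lower()
        if tok.startswith("\\\\") and job["time"] is None:
            job["host"] = tok  # optional \\computername target
        elif TIME.match(tok) and job["time"] is None:
            job["time"] = tok
        elif low == "/interactive":
            job["interactive"] = True
        elif not low.startswith(("/every:", "/next:")):  # command starts here
            job["command"] = " ".join(t.strip('"') for t in tokens[i:])
            break
    return job if job["time"] and job["command"] else None

def findings(records):
    """Return (rule, user, detail) tuples for the two signals in the post."""
    out = []
    for line in records.strip().splitlines():
        user, image, cmdline = line.split("|", 2)
        exe = basename(image).lower()
        if exe == "at.exe":
            job = parse_at(cmdline)
            if job and job["interactive"]:
                prog = basename(job["command"].split()[0]).lower()
                rule = "at-interactive-shell" if prog in SHELLS else "at-interactive"
                out.append((rule, user, f'{job["time"]} {job["command"]}'))
        elif exe == "explorer.exe" and user.upper() == r"NT AUTHORITY\SYSTEM":
            out.append(("explorer-as-system", user, cmdline))
    return out
```

Calling `findings(SAMPLE)` flags three of the six records; the non-interactive scheduled backup, the user's own `explorer.exe` and the SYSTEM batch job are left alone.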

Post #2 (Apr 28 2007, 04:28 PM)
NiGHTFoX - Hiding in the dark Group: Members Posts: 680 Joined: 3-April 05 Member No.: 3,584
Wow... I printed this one out for future reference! Gotta love Windows!
[N]F

Post #3 (Apr 29 2007, 01:22 AM)
Living at the Datacenter Group: [HOSTED] Posts: 696 Joined: 30-June 06 From: Australia Member No.: 14,219
It's amazing that there is such a huge hole in their Operating System. Though most come to expect things like this from Microsoft, not something as massive as this!
Do you know which versions of Windows this affects? Only XP, or does it go back a few versions? -jimmy

Post #4 (Apr 29 2007, 07:22 AM)
SM- the Man -The Myth - The Legend Himself Group: Members Posts: 433 Joined: 4-September 05 From: Drinking da rootbeers Member No.: 8,313
Wow, I wonder if Microsoft knows about this little trick. Would it be possible to do this on another computer through the net if you had a good trojan put in place?

Post #5 (Apr 29 2007, 09:42 AM)
Newbie [ Level 2 ] Group: Members Posts: 16 Joined: 9-April 07 Member No.: 21,372
Unfortunately I only have XP, so I can't try it on older versions, but I'm sure it would work,
and I'm also fairly sure the Trojan thing would work too.

Post #6 (May 1 2007, 11:40 PM)
Advanced Member Group: Members Posts: 101 Joined: 10-February 07 Member No.: 20,324
What are the benefits?

Post #7 (May 2 2007, 01:43 AM)
Super Member Group: [HOSTED] Posts: 658 Joined: 12-July 06 From: Ontario, Canada Member No.: 14,464
This was discussed before in: http://astahost.com/windows-scheduler-can-...hts-t13956.html
Anyways, I submitted this security threat to Secunia a few months ago, but they didn't look at it. But this could make a limited account even higher than Administrator on the computer (it doesn't work on the Guest account though, my friend tried it out). But, yeah, someone could probably remotely trigger this command. It's not that hard to start and kill a task, you know?

Post #8 (May 2 2007, 05:41 PM)
Newbie [ Level 2 ] Group: Members Posts: 16 Joined: 9-April 07 Member No.: 21,372
I did it at school back in the good old times when my sys admin forgot to disable the cmd.
lol, that was quite funny

Post #9 (May 4 2007, 04:14 PM)
Newbie [ Level 1 ] Group: Members Posts: 3 Joined: 2-May 07 Member No.: 21,762
nice xpkiller

Post #10 (May 5 2007, 03:26 AM)
Member - Active Contributor Group: Members Posts: 88 Joined: 5-April 07 From: Cusco - Peru Member No.: 21,283
I suggest Linux for that reason. Now I have another proof to feel insecure using Windows and safer with Linux. "A patched system will ever have new holes, including the patches".
Blessings!