Before the evil eight to see the admin Account you can use plan the task execution program to obtain SYSTEM privileges.
Then yesterday saw someone Blog on a tool, saying that anyone perform can be give SYSTEM permissions to the CMD. I think he said that may is the permission to know is not particularly large, or if the User execution also can get SYSTEM permissions of the cmd, then get to the WebShell is substantially equal to get to the server, huh.
But now, if you say so, I still download down to try, in case be met a What good stuff yet. The test results of course is only from the admin account give SYSTEM permissions to the CMD to mention the right to nothing.
But don't know this gadget is by what to get SYSTEM permissions, it should not use plan task, thrown into the IDA inside with a little, found is by creating a service. Open the Service Manager, and sure enough found the newly added service. As shown in Figure:
The principle is clear, but I'm still to Google search, found two related articles. An article called the use of the service create the SYSTEM permissions CMD for, maybe it and of this gadget.
In addition an article is a abroad a large cattle in the MSDN Blog, it is called the Running CMD.EXE as Local System action.
This person says a direct use of the sc command to create a service to run the SYSTEM permissions of the CMD method, test the following, it really is very easy to use. I write it as a simple Batch, the same can get SYSTEM permissions CMD:
sc Create SuperCMD binPath= "cmd /K start" type= own type= interact sc start SuperCMD
The effect is as follows figure:
Note that the start of the service, the prompt fails to start, but CMD still POPs up.