not really programming and probably butchered the execution on that cmd but this felt like the only place it would be funny to post it

  • hexagonwin@lemmy.sdf.org
    2 days ago

    at this point just login as system or trustedinstaller lol for elevated stuff i usually use 7zip as admin or system(nircmd)

    • sad_detective_man@leminal.spaceOP
      2 days ago

      You can log in as trustedinstaller???

      do you mean like accessing your files in the 7zip interface? I hadn’t thought of using that for anything besides zipping. that’s clever

            • ITGuyLevi@programming.dev
              2 days ago

              Welcome to today’s 10,000 (totally not trying to be offensive, learning is great).

              TrustedInstaller is actually a service that was introduced with Windows Vista with the intention of preventing modification of system files. It typically is the “owner” of damn near everything in default Windows directories.

              A fun way I typically show off the limitations of the system account is by telling people to try to delete a protected resource, like Windows Defender’s directories. Then try it again when running with TrustedInstaller’s rights and you’ll possibly find yourself just staring at your screen thinking about how useful that could be.

      • hexagonwin@lemmy.sdf.org
        2 days ago

        idk if it's system or trustedinstaller that i literally logged into and launched a “user session”, it's been a while since i played around windows. but yeah it kinda works although it breaks explorer heavily (lol)

        just use a normal admin user and use nircmd to run 7zip totalcmd etc as SYSTEM

        • ITGuyLevi@programming.dev
          2 days ago

          Edit: I was scrolling back up and realized I responded to the wrong person about the psexec thing. I apologize for any misunderstanding (I’m gonna leave it because it’s still kind of good info in there and I suck at typing on mobile).

          I’m not a fan of psexec anymore, in a lot of environments it is blocked or gets picked up by overzealous AV. Might I suggest using something like NTObjectManager to just spawn a child process of TrustedInstaller?

          It works really well, I’ve never seen it flagged by AV, and it’s nice being able to remove shit that system can’t. One thing I had a hard time getting away from PSExec for was remote sessions when remote management was turned off. Thankfully you can just invoke-command to call cmd and enable WinRM remotely… Goddamn I hate Windows but love the simplicity of utilizing its “under documented” features.