IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New There is a way.
Simple example: use at to open a cmd prompt. You'll be surprised at what that prompt has access to. (hint: it's *more* than Administrator.) Disclaimer: I have not tested this as a pleb.

I saw this some months ago as a way to modify some certain Registry Keys in the locals Users area* that even Administrator can't even see, let alone change. Windows security is just so complex and poorly documented...**

Wade.

* not the local user's area, the local users area.
** to which I suspect people are going to disagree. :-)

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

New It's LocalSystem
And yes, it's more than Administrator, on local machine.
I could not find an easy way to disable it, apart from disabling the schedule service. What a sordid mess! It should run as the user that scheduled the action, not as LocalSystem.

--


And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings?

-- letter to the editor from W. Ostermeier, Liechtenstein

     Undetectable VX2!!!!!! - (Andrew Grygus) - (39)
         Maybe because it isn't the traditional one? - (folkert) - (3)
             This one was real VX2 . . - (Andrew Grygus) - (2)
                 Is there even room to fit one more nail? ;-) -NT - (n3jja) - (1)
                     Depends on how many infections a given machine has. -NT - (ben_tilly)
         Re: Undetectable VX2!!!!!! - (andread) - (3)
             Of course. -NT - (Andrew Grygus) - (2)
                 Yeap, just like that. - (folkert) - (1)
                     My root post for this thread did refer to . . - (Andrew Grygus)
         Assuming that I am a complete dolt, - (Arkadiy) - (29)
             Rootkit worms for windows abound - (jake123)
             Well, just for starters . . - (Andrew Grygus) - (8)
                 Apart from the first point - (Arkadiy) - (7)
                     Let's see, point #3 - (jake123) - (5)
                         Sounds like the OS/2 WPS (ducks, runs) -NT - (altmann) - (2)
                             Nah, Office has users. - (pwhysall)
                             :) - (jake123)
                         Sounds like Gnome - (Arkadiy) - (1)
                             No, another disagreement here. - (folkert)
                     On our network... - (Steven A S)
             Win32 message service - (inthane-chan) - (18)
                 If you're not an admin, you don't have - (Arkadiy) - (17)
                     Nope. I have a machine at work. - (folkert) - (16)
                         I don't know :( - (Arkadiy) - (13)
                             I don't agree with your assessment. - (folkert) - (12)
                                 That I don't understand - (Arkadiy) - (11)
                                     That's where messaging comes in. - (inthane-chan)
                                     Not like Windows... - (folkert) - (6)
                                         It was quite helpful - (Arkadiy) - (5)
                                             It isn't documneted the way you'd think. - (folkert) - (4)
                                                 Well, the only things that grant access to file system - (Arkadiy) - (3)
                                                     Then how do you explain the fact that it happens? - (folkert) - (2)
                                                         I have no explanation that I am sure of. - (Arkadiy) - (1)
                                                             Thank you. (new thread) - (folkert)
                                     Re: That I don't understand - (andread) - (2)
                                         Are they members of other groups? - (Arkadiy) - (1)
                                             Domain Users -NT - (andread)
                         There is a way. - (static) - (1)
                             It's LocalSystem - (Arkadiy)
         VX2 on 2 servers - (andread)

Gradualism only goes so far.
97 ms