24
beleg
117d

Anyone remembers that in windows XP you coud set any exe as screen saver, and it would run on time, even before you log into any user, as a default system user with administrator privileges?

Comments
  • 5
    Joy can do something similar with Sticky keys. Change the exe to cmd, and you'll be able to run cmd as system before login.
  • 9
    @olback this was even possible without being an admin, just boot with any Linux live USB and rename cmd.exe to the usual program linked to the sticky key.

    I used to send messages to the Active Directory accounts of my friends at school using this "trick". It'd show up as an admin account that sent the message and they had no clue it was me. Good times.
  • 4
    In XP you could also login with administrator privileges via the help button of your login screen ...
  • 4
    Didn't know this, will remember for pentesting reasons πŸ˜„
  • 4
    @linuxxx XP has more holes than sponge cake. 🀷🏻‍♀️
  • 3
    Don't even need all that. Just run AT with a program you want to run and set the time to a second from now, all within the console.

    Even better, tell it to start cmd.exe, so when the new prompt pops up you're the system user, then kill your own explorer.exe process from task manager and run "explorer.exe" in the system shell. It'll switch your entire logged in user session to the system user and you can use the entire machine as such - not just the command prompt or some dinky EXE.

    Also, stop using XP, it's wildly insecure. Actually, stop using windows.
  • 0
    @junon lol thanks, I know! It's just the the weekly rant about the dumbest security bug you've ever seen. Arbitrary executables as screen saver and running them outside any session is definitely the dumbest I've seen. πŸ˜… I can guess someone back in the MS had decided that their users' experience is more important πŸ˜‚πŸ˜‚
  • 2
    Oh so THAT'S why we saw that huge decline in cool screen savers during the post-XP era.
Add Comment