Government Security
Network Security Resources

Jump to content

Photo

Taskkill command won't kill process

  • Please log in to reply
8 replies to this topic

#1 akaal108

akaal108

    Private

  • Members
  • 2 posts

Posted 27 April 2008 - 09:22 PM

Basically I am a local user on an xp sp2 machine, there are few processes started by administrator which i m trying to kill via taskkill command in .exe file. It won't work- it says access is denied. How can i make this work? any suggestions?

#2 caronet

caronet

    Private First Class

  • Members
  • 41 posts

Posted 27 April 2008 - 10:41 PM

Basically I am a local user on an xp sp2 machine, there are few processes started by administrator which i m trying to kill via taskkill command in .exe file. It won't work- it says access is denied. How can i make this work? any suggestions?



Sounds like a privilage issue to me. Try doing it from an adminstrator account.

#3 Exploter

Exploter

    Private

  • Members
  • 19 posts

Posted 27 April 2008 - 11:15 PM

you can try apt here:
http://www.diamondcs...dseries/apt.php
but still if you only local user dont evan try :\

#4 akaal108

akaal108

    Private

  • Members
  • 2 posts

Posted 28 April 2008 - 09:36 AM

Thanks for your replies guys,

would exploit mentioned in the following thread work?

http://www.governmen...amp;hl=taskkill

#5 Ryan M

Ryan M

    Global Moderator

  • Colonel
  • 1,742 posts

Posted 28 April 2008 - 11:03 AM

But I don't think it's possible to call the "at" command, if you only have access to the guest-acc like you said. To use "at" in order to elevate your privileges, you must already have admin-status.


As mentioned, you already have to be an Admin or Equal. I'm sure those tasks running are there for a purpose, otherwise they wouldn't be in place. If you are at work, playing with them can get you fired, if you are at school, you can get suspended/expelled (trust me on that one). Best advice I can give is to quote The Beatles..."Let it be"
There is no security on this earth. Only opportunity.
-Douglas MacArthur

GSO Compiled Exploit Database
----------------------------------------
[b]Mod at GovernmentSecurity

#6 caronet

caronet

    Private First Class

  • Members
  • 41 posts

Posted 28 April 2008 - 11:19 AM

Thanks for your replies guys,

would exploit mentioned in the following thread work?

http://www.governmen...amp;hl=taskkill



I don't think it would. As well as what the above poster said, most guest or local user accounts also can't schedule. Or, at least a good admin will prevent it.

#7 Opawesome

Opawesome

    Private First Class

  • Members
  • 31 posts

Posted 01 June 2008 - 04:59 PM

I don't think it would. As well as what the above poster said, most guest or local user accounts also can't schedule. Or, at least a good admin will prevent it.



A good admin would also typically prevent the use of the cmp prompt.
Which leads me to the following question, is there any way to use the AT technique without access to the command prompt ?

#8 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 01 June 2008 - 05:15 PM

the at is not an NT Command prompt internal command, it is a command line application, so even if the admin has disabled access to command prompt, users would still be able to run it, however if they dont have admin privileges they will NOT be able to schedule something to run as SYSTEM, just as the self user.

Next time please have a look at topic dates before posting and do a better search, this issue has widely been discussed here and in other places. Usually it is ok to bump up an old thread IF you have something very good to ADD or update
http://www.secumania.net - Secumania security blog.


Embed any executable in a JPEG image and get it to run upon opening the image with this cool tool that abuses a feature of GDI in Windows systems. for governmentsecurity.org members only! click here to get it!

#9 Opawesome

Opawesome

    Private First Class

  • Members
  • 31 posts

Posted 02 June 2008 - 04:52 AM

the at is not an NT Command prompt internal command, it is a command line application, so even if the admin has disabled access to command prompt, users would still be able to run it, however if they dont have admin privileges they will NOT be able to schedule something to run as SYSTEM, just as the self user.


at 0:00 /interactive "cmd.exe"

Yes, AT will run but then you will get an error when it will try to execute cmd.exe (considering SYSTEM still has access to commmand prompt)

Anyway, sorry for the bumb... I thought 1 month wasn't too old