Windows 3.1 SYSTEM account

Discuss Windows 2000, NT, XP and Windows Server 2000, 2003, SBS 2003.
Post Reply
oureveryday
Posts: 6
Joined: Wed Jun 28, 2017 7:04 am

Windows 3.1 SYSTEM account

Post by oureveryday »

It's true.Follow the guide to enter it.
1.Log as ADMINISTRATOR.
2.Run "regedt32".
3.In the registry

Code: Select all

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Change the string of the "shell"to

Code: Select all

cmd,wowexec
(This will run "cmd"at logon,not "progman")
4.Run "Control Panel",Then run "Services",Make sure service "Schedule"is on and in the "Startup"Log on as SYSTEM account.
5.Log out,Then log on as ADMINISTRATOR again.
6.In the "cmd",run "

Code: Select all

at time cmd
"(Let "time" be changed to the next minute of system time,This will run "cmd"as SYSTEM account at the time specified by "time")
7.Wait for "cmd" to open.(If "cmd" is not open,retry step 5)
8.In the opened "cmd",run "progman".
9.Enjoy the SYSTEM account!

ps:This is my first post.Sorry for my English.

ImageImageImageImageImageImageImage

HanayoPlus LP
User avatar
Posts: 6
Joined: Tue Jul 03, 2018 3:30 pm

Re: Windows 3.1 SYSTEM account

Post by HanayoPlus LP »

well the trick using at.exe seems still can be work in XP or previous versions

roytam1
Posts: 734
Joined: Mon Nov 03, 2008 6:15 am

Re: Windows 3.1 SYSTEM account

Post by roytam1 »

"NT" is missing in title.

iProgramInCpp
Posts: 17
Joined: Sun Dec 16, 2018 2:21 pm

Re: Windows 3.1 SYSTEM account

Post by iProgramInCpp »

does StickyKeys exist in WinNT 3.1?

AlphaBeta
User avatar
Donator
Posts: 2437
Joined: Sun Aug 12, 2012 4:33 pm
Location: Czechia

Re: Windows 3.1 SYSTEM account

Post by AlphaBeta »

iProgramInCpp wrote:does StickyKeys exist in WinNT 3.1?
First of all, I don't see how is this related to getting SYSTEM account access in NT 3.1. To answer your question, no, StickyKeys didn't appear until Windows 95 (and presumingly Windows NT 4.0 as well).
AlphaBeta, stop brainwashing me immediately!

Image

3155ffGd
User avatar
Posts: 391
Joined: Wed May 02, 2012 12:57 am

Re: Windows 3.1 SYSTEM account

Post by 3155ffGd »

IIRC, there's a far easier way that involves simply setting your screensaver to cmd.exe. Because setting the screensaver does not require any administrative rights it's a nice privilege escalation exploit. Got fixed around NT4 or so, though.

iProgramInCpp
Posts: 17
Joined: Sun Dec 16, 2018 2:21 pm

Re: Windows 3.1 SYSTEM account

Post by iProgramInCpp »

Or use the SetHC.exe exploit.

AlphaBeta
User avatar
Donator
Posts: 2437
Joined: Sun Aug 12, 2012 4:33 pm
Location: Czechia

Re: Windows 3.1 SYSTEM account

Post by AlphaBeta »

iProgramInCpp wrote:Or use the SetHC.exe exploit.
The world would be a beautiful place if people checked their facts before recklessly posting. There is no sethc.exe in Windows NT 3.1.

Also this is not an exploit. Exploits are used to gain access to a computer. If you are able to swap system files around, then you kinda already have that access.
AlphaBeta, stop brainwashing me immediately!

Image

Amaroq-Starwind
Posts: 12
Joined: Thu Feb 21, 2019 8:49 pm
Contact:

Re: Windows 3.1 SYSTEM account

Post by Amaroq-Starwind »

This borders on technomancy to my eyes. Thankfully, though, it doesn't work on modern versions of Windows, otherwise it would have serious potential to be abused.

Lucas Brooks
Posts: 773
Joined: Sat Oct 20, 2018 11:37 am
Contact:

Re: Windows 3.1 SYSTEM account

Post by Lucas Brooks »

Or much easier, use systemcmdtool.exe I found on my hard drive. It has a few versions, it works from NT 3.1 to Windows 10. I can't post a link because it is "suspicious". Go to Google and search for it.

You can also run cmd.exe as SYSTEM without softwares and the sethc.exe is one of them. To run apps as SYSTEM, you need at lease admin rights in Vista and later.
Offtopic Comment
In modern versions of Windows, you are logged in as SYSTEM all the time. You account is just another layer on the SYSTEM account. If you log out and you will be only logged in with SYSTEM then you can start explorer.exe to see the SYSTEM account desktop and taskbar (although you can't open File Explorer).

AlphaBeta
User avatar
Donator
Posts: 2437
Joined: Sun Aug 12, 2012 4:33 pm
Location: Czechia

Re: Windows 3.1 SYSTEM account

Post by AlphaBeta »

Offtopic Comment
ComputerHunter wrote:In modern versions of Windows, you are logged in as SYSTEM all the time. You account is just another layer on the SYSTEM account. If you log out and you will be only logged in with SYSTEM then you can start explorer.exe to see the SYSTEM account desktop and taskbar (although you can't open File Explorer).
I am not quite sure how did you end up with this conclusion, since this statement is horribly wrong. What you've said is that you always work in the corridor since you can leave the office and move your desk to the corridor.
AlphaBeta, stop brainwashing me immediately!

Image

Lucas Brooks
Posts: 773
Joined: Sat Oct 20, 2018 11:37 am
Contact:

Re: Windows 3.1 SYSTEM account

Post by Lucas Brooks »

Offtopic Comment
The SYSTEM account is what you are logged in with before you log in using your account, all the critical tasks are still running under SYSTEM, LogonUI is an app that logs you on. It is internally logged on for Windows to work. If you log SYSTEM out, which means killing all the tasks under it, you will find it is impossible and if you kill a critical task, you will get a blue screen.

Also read here: https://support.microsoft.com/en-au/hel ... in-windows

Post Reply