Forum Thread: Potential Privilege Escalation Vulnerability (Windows 7)

First off, many thanks to the wonderful community here on nullbyte, who sparked in me the interest towards hacking and security research.

Recently I discovered something which I find quite interesting:

In my school, all the PCs (Win 7) in the labs allow only guest access to students, and even then, the option of changing the desktop wallpaper has been disabled for normal users. (Don't know how, but the Personalize menu (right click -> Personalize) states that "One or more of the settings on this page has been disabled by the System Administrator.")

Now, even after this restriction, if I open an image in Firefox and then right click -> set as background, it is able to change the background.

Now, is there a way to reverse engineer the Firefox app and find a way to bypass the admin privileges needed to make serious changes to a system?

Just thought it might be possible, but don't know how to proceed.

Please guide me on how to investigate further in this direction.

Thanks for reading along,
Bravo Mike


2 Responses

So, I suppose that the computers are in the domain. That's why if you wanna change something that concerns system preferences, u get the request to login using an admin account or it reads "One or more of the settings on this page has been disabled by the System Administrator." Because the system administrator just disabled some processes (u can google how to do it).

  • Moreover I think that there is nothing surprising that u can change ur background :) it doesn't need the admin account.

I cannot offer the help you want since I am a noob myself but I just want to tell you that your title is a bit misleading and it would help others if you tune it in a form of asking a question.
