Forum Thread: Potential Privilege Escalation Vulnerability (Windows 7)

First off, many thanks to the wonderful community here on nullbyte, who sparked in me the interest towards hacking and security research.

Recently I discovered something which I find quite interesting :

In my school, all the PCs ( Win 7 ) in the labs allow only guest access to students, and even then, the option of changing the desktop wallpaper has been disabled for normal users.(Don't know how, but the Personalize menu ( right click -> Personalize) states that "One or more of the settings on this page has been disabled by the System Administrator.") .

Now, even after this restriction, if I open an image in Firefox and then right click -> set as background, it is able to change the background .

Now, is there a way to reverse engineer the Firefox app and find a way to bypass the admin privileges needed to make serious changes to a system.

Just thought it might be possible, but don't know how to proceed.

Please guide me on how to investigate further in this direction.

Thanks for reading along,
Bravo Mike

2 Responses

So, I suppose that the computers are in the domain. Thats why if you wanna change something that concerns system preferences, u get the request to login using an admin account or it reads-"One or more of the settings on this page has been disabled by the System Administrator." Because the system administrator just disabled some prozesses(u can google how to do it)

  • Moreover I think that there is nothing suprising that u can change ur background :) it doesnt need the admin account.

I cannot offer the help you want since I am a noob myself but I just want to tell you that your title is a bit misleading and it would help others if you tune it in a form of asking a question.

Share Your Thoughts

  • Hot
  • Active