Hacking Windows TrustedInstaller (GOD MODE) 

Cheers, was checking the comments for the link, wanna check it out myself and get some more context. Maybe pin it to the top (atm its somewhere down your own page)? Great vid, cheers man.

@@daanmageddon Hmmm, it should be a pinned comment, and is now in the description -- sorry I hadn't had it there earlier! Thanks so much for watching! 💙

Challenge for you, try disabling the delivery optimization service without touching the registry. (i don't know about windows 11 but its pretty tough on windows 10).

:3 Shalom.

:3 Reddit is thankfully just 200+ million Google Play downloads for how toxic it gets. Cesspool, indeed. I almost entirely avoid using it. A lot of inaccurate info, down voting anything they don't like, getting banned by groups easily, far-left cancer, far-right cancer, etc.

If you use Linux, it is easier to brick your system! Give it a try lol.

​@@vidal9747this is the way

@@vidal9747 its also easier to fix.

@@vidal9747 If your'e bricking anything, then you just dont know wtf youre doing isnt it lol

linux, afterward: "Welcome to systemd emergency mode!"

I want to like this fun and interesting content about getting back control of Windows, but at the same time I just see this as a bunch of BS steps to get around something that shouldn't have been in the way in the first place, it's so hard to be unbiased about OSs when Windows is this bad lol

​@@bluelindenSystemd? More like grub recovery shell!

​@@KCKingcollinIt's incredibly that in old machines, Linux LITERALLY GIVE YOU PERMISSION to destroy the BIOS of the system, that's how powerful it is.

@@SleepTime-Dark That's actually something I didn't know, that's kinda cool, but also sounds dangerous lmao

The problem is the commenters don't know how to do it themselves. And if they don't know something, no one should do that, right? ; )

gpt for the win | in this case

@@elijahjflowers GPT is only good for surface level stuff,i.e. questions that are already answered somewhere on the internet. It's basically useless for any questions that aren't in some way already answered.

​@@boltez6507 - GPT = a web-scraper mostly from Wikipedia, which you could do yourself in seconds with better focus. lol

That's known as a X Y problem

Amazing idea 😆

That shit would be hilarious

we do a little trolling

THAT HAS TO BE VIDEO, make it happen, i wanna see, im already laughing out loud of the IDEA that they wouldnt find a BROWSER anywhere on windows of all places!

why imagine when you can do?

Windows XP were the golden days of computers... I still have a VM on my PC where Windows XP Professional 64-Bit is installed... I even copy-pasted the Pinball Game into Windows 10 AND IT STILL WORKS despite being soooo goddamn old... Also, you make great videos, i love them ❤

This to this date can happen if you run explorer.exe as TI or "NT Authority\System" I think he didn't GUI of notepad.exe on 13:28 because he wasn't running explorer.exe as "NT Authority\System" (He ran privileged command prompt from Sysinternals as System)

I didn't know that :o Man I *just* came here after watching one of your videos xd

@@HoneypawsModsDE I think they just scrapped it because they couldn't make it run native x64 in time and didn't want to use WoW64 🤔 One beauty of Windows, the backwards compatibility

Great to see you here Eric, I have been loving all your recent videos! 😁

the single worst thing about reddit is that you get suggestions and advice instead of answers when you come there with a question. I DO NOT ASK HOW BIG IS THE ROOM I SAID "I CAST FIREBALL"

I found Reddit to be an absolutely creepy place. Tried it for a short while…nope, not for me.

Reddit is a hivemind of group think. You made a great decision.

The entirety of the site is like that, everybody thinks they know everything and are aggressive as shit about everything. That's why I stopped using it.

Classic behavior.

The fact that this is denied by Microsoft as a vulnerability, instead they call it "normal behavior" raises all kinds of red flags to me. Not that Windows in itself wasn't one huge backdoor already... for all that matters I cannot check for myself as the OS is proprietary. Fixing this exploit would probably put a lot of "cheap and easy" backdoors out of service as privileges would work much better.

I will only switch to Linux when le terminal™ is no longer used for everything (even the most basic thing), but that will never happen, which is bad because the only good thing it currently does is shutting down in less than a minute

@@revival_of_the_canned_justiceThat is incorrect, you can do everything without using terminal.

@@revival_of_the_canned_justice have u actually tried linux

Steam's work on Proton has greatly enhanced game compatibility on Linux in the past few years; if you last checked for compatibility before the release of the Steam Deck it may be worth taking another look.

PSExec can do it via command line.

@@HEXiT_ triggering a dumb AV program is simply an elevated permission state. Get your plugin from the dev and you can turn AV off and just use MB's who are more than aware of Process Hacker. Anyone with a modern PC should be using a VM to run Process Hacker on first anyway and if you aren't already then you haven't learnt that lesson yet. Image your OS into a VM, test and then decide. Only kids run exe's or scripts on their gaming machines.

cmd is the exact opposite of a GUI app. It's descended of MS-DOS and was the equivalent of a Linux shell or...whatever BSD derived thing iFruit computers use. You have limited scripting and access to MS-DOS operating system executables like COPY, DELETE, etc. Up to Windows 98, in fact, MS-DOS, or that same command prompt, bootstrapped Windows, and there were MS-DOS configuration files for Windows that probably caused a lot of headache for Microsoft, leading to what has been a slow, slow move away from it, starting with XP. It remains as a useful artifact of the past, but if you use Windows Terminal in Windows today, the default tab will be a Powershell prompt. Anyway, GUI stands for "Graphical User Interface."

​@@NameThievery CMD by default opens as a terminal emulator and a shell. A terminal emulator is a GUI app. CMD is a GUI app.

​@@HEXiT_ that could be said of anything. Stuff the fear mongering. Windows is literally spyware

I actually pulled an uno revers card on the system. " If I can't touch your files, then you can't touch mine"

Yes. Ruximics exe > Properties > Security tab > Advanced > Change Owner (from SYSTEM or TrustedInstaller to your user name) > Apply > Edit permissions > Deny ALL

So... let me get this straight: RUXIM helps keep Windows updated and performing well by scheduling and delivering necessary updates.. Why delet?

It doesn't do that. It pesters you to upgrade to 11. wuauclt.exe along with several other binaries handles system patches.

​@@Mario583aaverage reddit comment

How it was uploaded 8 days ago it doesn’t have time to age

Wait i dont get it

?

fr hahaha

Or delete the windows stuff through a secondary Linux os

I'm pretty sure it could also be used by a malicious software to remove the current antivirus and then install itself as TrustedInstaller to incrust itself into the system... Even better would be to replace the AV by a fake one so it takes more time for the user suspect anything wrong.

You can remove that stuff without such tricks in official ways you know.

@@Alfred-Neuman You don't need TrustedInstaller for that. An administrator can set the AV program without any additional rights. In fact every AV installer does this: register itself as the main antivirus program by setting a simple key in the registry, that is writeable by an admin.

Mine was breaking my dad’s XP install on his laptop by writing batch files and him making me fix it lol

Do you know a place where poeple are not like that ?

They're fake idiots farming karma. None of them would exist on a real hacking forum.

To be completely fair, the number of people I've seen complaining "hurr durr winblows bad because something broke while i was randomly changing registry values/acls/system files" over the decades suggests there is a huge number of Dunning-Krugers out there who really have no idea what they're doing. Feel free to run out in the middle of the highway and play in the traffic, but don't expect me to help you.

@@throwaway6478 I'll help you play in the middle of a highway :)

sounds like rtfm neckbeards

Last I checked, Johnny Bravo did not have a beard nor a mustache. Edit: I doubt Mr. Hammond will shave them off.

@@Mario583a​​⁠meant more the height of his hair

You can not do this past windows xp (early 7). Session 0, can not have window (CreateWindow does not work)

@@stanislavpetkov7408 Yeah I think I wanted to have a gui app run as a service in win10 and was sad after my research

I think I saw a video of enderman just doing that. Gui apps all worked except for explorer.exe if I remember correctly

It was possible in NT4 and 2000, because there the interactive user was on window station session 0. THis is now randomized and so this was intentionally killed.

@@Lofote really? I could have swore I have done it in XP and Win7 back in the day.

get out

why do i keep seeing these comments?? i dont get it

@@Jxhsxn we know what you did.

@@Jxhsxnidk but based on the user of the username of the commenter, it’s a bot. And for the person who replied to you, probably just a troll

Thank you I downloaded profile pic

That reminds me, but not as technical... I forget how I did it, but late 90s high school computer class, I made the login window on NT 4.0 show up as porn. On all 30 computers in the lab. I was on the shitlist from then on.

@@MattExzy I also guessed a student in another classes password, but they thought I hacked everyone's, so they made an announcement that everyone including the teachers all had to change their passwords... lol I told them the truth but they didn't believe me..

It's not about being smarter, it's about taking the time to learn. Your choice if you do it or not. Sometimes it's harder for intelligent people to learn things because they're not used to hitting barriers/hurdles, so the moment they do they simply stop. Those who are used to struggling often get further because to them hurdles are the norm.

@@roboverholt9959 In college I was not happy that they would not give me privileges on the lab computer I worked on (6 months from my CE) and thought a simple boot locker was sufficient to secure the systems so as a joke I accessed the boot locker and turned on the screen saver function and used "Micheal Angelo at Work !!!" as the bouncing text and came back the next monday to find out they had low level formatted all the internal systems at the school! LOL what a bunch of idiots.

@@LabelsAreMeaningless Its more difficult for more intelligent people to learn things that do not adhere to logic such as languages. When contradictory information just boils down to rote memorization the more intelligent among us will go off on tangents to find out why and how to fix the problem rather than just memorizing and moving on. And when they figure out how to fix the problem they will find out they are running into entrenched established institutional monoliths that will fight them tooth and nail rather than admit any wrong which is the first step to addressing change.

a bored guy at crowd strike followed the tutorial, I suppose

"SYSTEM" has full admin privileges "Local Service" has privileges similar to a regular non-admin user "Network Service" has the same privileges as "Local Service" but it can use the computer's identity. This one is a bit complex: First off, if there is no central password management server, "Local Service" and "Network Service" are the same. Otherwise... Assuming... * You're in a university with an "Active Directory Domain Controller" server that manages the users and passwords for the entire network * There's a shared network folder Z:\ * You are logged on as user "Steve" on the PC "Library-01" Then... * GUI programs on the desktop will access the shared folder as "Steve" * "Local Service" will try to access the shared folder as a guest with no password * "Network Service" will access the shared folder as "Library-01$" Hope this makes sense.

@@haraberu Thanks for the explanation 😛 Even though I didn't understand 50% of it the first time I read it, but I quess these "accounts" just exist because some software requires these special properties to work.

The only reason anyone would type that is if the FBI came knocking on your doors (that says a lot about you guys, honestly 🤨)

​@@revival_of_the_canned_justiceits called a joke bruh 😐 its funny because WE all understand that unlike you apparently

@@surr3ald3sign I know what it does, you fanboy

Penetration testing doesn't matter when you give away the credentials or other valuable information directly in the software. Keep it in mind and keep on keeping on. Best to ya.

@@MrChrisRP I appreciate that got a code injection that allowed me to etc/passed the other night and it made me extatic

Yeah, any admin can just do "sudo su" and tad-dam! Full system acess granted, i can even delete Windows protected files mounted on Linux.

@@SleepTime-Dark any way i can use rm -rf to remove depression?

Or amazingly well!

what happened? I've been living under a rock.

@@WarLightning042watch his most recent video

Global computer/server outages due to solar winds endpoint security update causing BSOD on all windows machines it was pulled to. Hospitals, airlines and other critical infrastructure affected worldwide

Crowdstrike not solar winds​@@bjangles8718

You are, and i mean this as close to literal as possible, comparing apples to oranges here... first off trustedinstaller is not the OS, it is just a brick wall within the windows os designed to keep idiots from bricking their system and has been used to also protect their bloatware. And second do you remember the part of your windows installation where it said something to the effect of "terms and conditions" you are literally agreeing to everything they do, and a chromebook is infact designed to run on the windows os idk what tf you think it runs on, so that part of your "point" literally meant nothing. And to rain on your parade some more, if you own a computer of any kind, odds are microsoft owns some part or all of it bc they own like 90% of all computer technology atp bc they just buy out any competition. Go ahead and look up who owns all those different companies that make the parts in your computer and youll notice, unsuprisingly, that microsoft either owns them or owns a major part of their company and thus more or less owns them anyway. And imma just absolurely rip on you now for that last part "the os must match the device in order for it to function" factually incorrect as the os and the hardware are 2 VASTLY different and incomparable things, the hardware provides the body and the os provides the brain (see THATS how you make an analogy that makes sense in this context btw) the reason vehicles work differently is bc each vehicle company functions ENTIRELY inpdepandant of one another where as consumer use computers are made by many different companies all working together (and still ofc microsoft owning an uncomfortable majority of them bc they are a monopoly) so to attempt to actually answer your question is pointless bc you have a general misunderstanding of even the base concept of software versus hardware and have failed to make a question that makes any form of sense, itd be like if i asked you what your favorite color of the alphebet is, it doesnt make any sense bc thats not even remotely how either of those things work, does that kinda help guide you towards the general idea of what im trying to tell you?

It's a deep subject! 🙃

As you can attest! Lol

for 1) trusted installer is just a dummy privilege used to own system files (think component store/winsxs and msstore) to prevent malicious modifications and accidental deletions. it isn't a security boundary and is unrelated to the kernel. ill leave 2 for someone with more expertise regarding the kernel.

Kernel mode drivers run in the same context as the kernel, and on windows, they generally use the native Windows API. But they do not necessarily need to interact with the OS. If they're launched via a UEFI bootstrapper they can technically run entirely platform independent. They can directly interact with hardware through interrupts, PCI lanes, and unvirtualized memory addresses. They don't _have_ to, but they can. Therefore, they're not resident in any specific process unless injected. They do often operate on Windows via svchost as a service, though, since this is a simple way to manage such low-level drivers. This is why the SC command is typically used to launch them. However, note that services and kernel mode drivers are not the same thing! The kernel mode driver has far less restrictive permissions. Therefore, the service needs to be specifically configured to launch such drivers in the proper context.

​@@Mavendow Thank you for the VERY detailed explanation of the second question ❤ I didn't know that drivers could be launched via a "UEFI bootstrapper". I thought that the only task for the BIOS/UEFI relating to the OS was to launch the "OS boot instruction code" (or BOOTMGR for the Windows OS), but from what I understood from your speech, there are other capabilities as well such as loading drivers.

​@@privatechannel1272 Yes, this is how the LAN and USB works in some modern UEFIs. It would be a hassle to hardcode every individual motherboard's configuration. Drivers basically expose hardware properties to specific memory addresses that other firmware or software can hook, therefore a driver written without proprietary code can technically work in any context. Though, in the case of Windows, DLL/SYS itself is proprietary. More often these will be compiled as SO or shared objects.

@@lordechnobas Thank you for clearing up my ignorance 👍

It's fine for plebs like me.

​@@KK-eg3em Until they blue screen you or use the recall feature ;)

Parrot OS and Mint are fantastic

Tetris , tetris, and tetris

Too many bugs and insecure asf. all hobby projects. For serious stuff NO. For fun def yes

@@atorik1076 it's fine to be ignorant on the internet, but hopefully not irl. If Linux were really to be a hobby project, it shouldn't be used as servers by Microsoft itself. RedHat literally exists, that's a hobby project?

@@atorik1076how to sound like a moron

You're actually LocalSystem for the early parts of OOBE, then in Windows 10 and later, it switches to defaultuser0 for the question panels. At no point are you interactively TrustedInstaller.

Also, if you just tap the change button in the properties settings, if you are already TI, then you’ll be able to change the highest access to modify those files to the user group and just be able to access TI restricted files and turn them into user accessible files, Recommendation.. fuck around and find out

Owls need HUGS

@@Margen67 Indeed. :D

It's actually all the same installation distribution. During installation just pick one of those EU countries, but select language/keyboard as English (World) or something instead of English (US). You might see "colour" instead of "color" or some other nonsense but it will work just fine.