RE: Windows Administrator access

From: Shenk, Jerry A (jshenk@decommunications.com)
Date: Sat Feb 25 2006 - 11:40:39 EST


Why restrict the demo in a way that is not in keeping with a real-world
attack? If a hostile party were to get to a command prompt on a Windows
box, they would not be limited in that way. If you can do it within
those restriction, great but it seems like somebody's wanting to see the
world through rose-colored glasses.

One possibility is a backup of the SAM database that might give you an
administrator password hash that you could crack.

How about running whoami.exe or something else from a remote location?
If your restriction says "or uploading new files", then that would be
within the scope.

-----Original Message-----
From: Dillama [mailto:dillama@gmail.com]
Sent: Saturday, February 25, 2006 4:17 AM
To: pen-test@securityfocus.com
Subject: Windows Administrator access

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks

---
Dillama

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------






**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT