Re: Windows Administrator access

From: ROB DIXON (rdixon@workforcewv.org)
Date: Mon Feb 27 2006 - 08:32:01 EST

• Next message: Craig Wright: "RE: Snarf files from a sniff dump"
• Previous message: Marco Monicelli: "Re: Windows Administrator access"
• Maybe in reply to: Dillama: "Windows Administrator access"
• Next in thread: Jasun Tate: "RE: Windows Administrator access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Dillama,

Can we ask how you have gained access at this point? What technique are you demoing?

Robert L. Dixon, CSO
CHFI A+
State of West Virginia's
West Virginia Office of Techonology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225
Email:rdixon@workforcewv.org
>>> Dillama <dillama@gmail.com> >>>
After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks

---
Dillama
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Craig Wright: "RE: Snarf files from a sniff dump"
• Previous message: Marco Monicelli: "Re: Windows Administrator access"
• Maybe in reply to: Dillama: "Windows Administrator access"
• Next in thread: Jasun Tate: "RE: Windows Administrator access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT