Penetration Testing mailing list archives
RE: Windows Administrator access
From: "Erez Metula" <erezmetula () 2bsecure co il>
Date: Sun, 26 Feb 2006 11:37:01 +0200
Usually, you can show admin privileges by adding a new administrator user to the machine, only admin can do that. You can do that without any external files, using the "net" command. The net command can also be useful to show admin priv., for example to start/stop services, manage shares, etc. Regards, Erez. ________________________________ Erez Metula Application Security Consultant & Dept. Manager E-Mail: erezmetula () 2bsecure co il Mobile: 972-54-2108830 Office: 972-39007530 -----Original Message----- From: Dillama [mailto:dillama () gmail com] Sent: Saturday, February 25, 2006 11:17 AM To: pen-test () securityfocus com Subject: Windows Administrator access After gaining shell access to a Windows box, is there any way to show administrator privilege without changing the config or uploading new files? I have to demo the ability to gain administrator access to a Win 2000 box, the catch is no changes on the box so adding a user or loading whoami.exe from resource kit would not be options. Any suggestion here would be appreciated. Thanks --- Dillama ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Windows Administrator access, (continued)
- Re: Windows Administrator access Thor (Hammer of God) (Feb 27)
- RE: Windows Administrator access Travis Potter (Feb 26)
- Re: Windows Administrator access Martin Mačok (Feb 26)
- Re: Windows Administrator access Isaac Perez (Feb 26)
- Re: Windows Administrator access AdamT (Feb 26)
- RE: Windows Administrator access Sahir Hidayatullah (Feb 26)
- RE: Windows Administrator access security (Feb 26)
- Re: Windows Administrator access Marco Monicelli (Feb 27)
- RE: Windows Administrator access Shenk, Jerry A (Feb 26)
- Re: Windows Administrator access shiri_yacov (Feb 26)
- RE: Windows Administrator access Erez Metula (Feb 26)
- Re: Windows Administrator access intel96 (Feb 27)
- Re: Windows Administrator access ROB DIXON (Feb 27)
- RE: Windows Administrator access Jasun Tate (Feb 27)