Re: win2k pentest - what can i do?

[Mike DeGraw-Bertsch <mbertsch () oreilly com>]

I'd just change the "Administrator" password--I haven't tried this, but I
believe the command is "cusrmgr -u Administrator -P <newpassword>".  
Alternately, you can change a user's permissions (or add them to the
Local/Domain Administrator group).  "ntrights" changes user permissions.  
Both tactics require, unfortunately, the Win2k resource kit.

  -Mike

On Fri, 6 Jul 2001, Matt Andreko wrote:

> I normally do not do pen tests on the win2k operating system.  However I am
> doing one at the moment.  I have successfully got Administrator privelages,
> but only at a pseudo-dos-prompt...  Is there anything i can do to get
> graphical abillities, since windows is basically useless without just
> graphics.  I have used the "net user" command to create a new user, and
> added it to the Administrators group, but I do not have physical access to
> this machine.
>
> Any help would be appreciated.
>
> --
> Matt Andreko
> On-Ramp Indiana
> (317)774-2100
>
>
> --------------------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
> For more information on SecurityFocus' SIA service which automatically alerts you to 
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/



--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/