Penetration Testing mailing list archives

Re: Windows privelege escalation?

From: Ricardo Abraham Aréchiga Cervantes <rabrahamac () gmail com>
Date: Thu, 14 Jul 2005 08:39:57 -0500

If budget permits... http://www.argeniss.com/products.html, they have
a Windows 2000 local exploit. MS was notified, but still no patch
available.

Ricardo Abraham


On 7/12/05, Bones <the.bones () gmail com> wrote:

All,

Working on a pen-test here where low-privilege user accounts are easy
enough to obtain on some target servers, however, escalating privs is
giving us some fits.

Most of the targets are Win2003 or Win2000-SP4.

What is the current state of escalating privileges on Windows hosts?
Any new tools or working exploits out there which are publicly
accessible? Most of the silver bullets of the past (like PipeUpSam,
PipeUpAdmin) are of course no longer usable largely after Win2000-SP3.
We did find some exploits (MS05-012, etc.) that might have worked, but
this client is patched pretty solid.

Interested to see the feedback...

--
Bones*
the.bones () gmail com

Current thread:

Windows privelege escalation? Bones (Jul 12)
- RE: Windows privelege escalation? Prashant Meswani (Jul 13)
- Re: Windows privelege escalation? Ricardo Abraham Aréchiga Cervantes (Jul 14)
- <Possible follow-ups>
- RE: Windows privelege escalation? Cedric.Baechler (Jul 13)