Re: Windows Administrator access

[Neil <neil () voidfx net>]

Dillama wrote:
> After gaining shell access to a Windows box, is there any way to show
> administrator privilege without changing the config or uploading new
> files?
>
> I have to demo the ability to gain administrator access to a Win 2000
> box, the catch is no changes on the box so adding a user or loading
> whoami.exe from resource kit would not be options. Any suggestion here
> would be appreciated.
>
> Thanks
>
> ---
> Dillama

Well, personally I would just remove the admin privs from all the other 
users as proof, or drill it home with "netsh firewall set opmode 
disable" (disables the firewall); but I suspect whoever asked you to 
demo wouldn't be too thrilled with you doing things my style.

So for you, I would drag them over to the workstation and run "echo 
%username%", which would show what user your shell is running as, and 
then follow it with "net localgroup administrators", which will list all 
administrators (I assume your running a local admin account, not as 
System or Local Service).

Hope it helps.
-Neil

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------