Penetration Testing mailing list archives
RE: Windows Administrator access
From: "Jasun Tate" <jtate () ICWGROUP com>
Date: Mon, 27 Feb 2006 08:47:48 -0800
Are you trying to show current priv or levels for other users i.e sam list. Also what exactly are you trying to verify? There are a few off top that I know that can get you the info that you need. C:\dir /q /a C:\cacls /p user:perm - use this to set or deny perms and gauge against current permissions Or the old fashioned edit command GptTmpl.inf file Hope that helps Jasun Tate Sr. Security Administrator Network Operations-ICW Group Office #858-350-2459 ~~INVEST IN LOSS~~ Chen Man Ching -----Original Message----- From: ROB DIXON [mailto:rdixon () workforcewv org] Sent: Monday, February 27, 2006 5:32 AM To: dillama () gmail com; pen-test () securityfocus com Subject: Re: Windows Administrator access Hi Dillama, Can we ask how you have gained access at this point? What technique are you demoing? Robert L. Dixon, CSO CHFI A+ State of West Virginia's West Virginia Office of Techonology Infrastructure Applications Netware/GroupWise Administrator Telephone: (304)-558-5472 ex.4225 Email:rdixon () workforcewv org
Dillama <dillama () gmail com> >>>
After gaining shell access to a Windows box, is there any way to show administrator privilege without changing the config or uploading new files? I have to demo the ability to gain administrator access to a Win 2000 box, the catch is no changes on the box so adding a user or loading whoami.exe from resource kit would not be options. Any suggestion here would be appreciated. Thanks --- Dillama ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ##################################################################################### Warning: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which it is addressed. If you are not the named addressee any review, dissemination, distribution or duplication of this e-mail is strictly prohibited. If you have received this email in error, please let us know by e-mail and delete it from your system. Please note that any personal views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Thank You. #####################################################################################
Current thread:
- Re: Windows Administrator access, (continued)
- Re: Windows Administrator access Isaac Perez (Feb 26)
- Re: Windows Administrator access AdamT (Feb 26)
- RE: Windows Administrator access Sahir Hidayatullah (Feb 26)
- RE: Windows Administrator access security (Feb 26)
- Re: Windows Administrator access Marco Monicelli (Feb 27)
- RE: Windows Administrator access Shenk, Jerry A (Feb 26)
- Re: Windows Administrator access shiri_yacov (Feb 26)
- RE: Windows Administrator access Erez Metula (Feb 26)
- Re: Windows Administrator access intel96 (Feb 27)
- Re: Windows Administrator access ROB DIXON (Feb 27)
- RE: Windows Administrator access Jasun Tate (Feb 27)