RE: *** GMX Spamverdacht *** Remotely starting the "server" process on win XP

From: Peder Pedersen (pep@skov.dk)
Date: Thu Sep 04 2003 - 03:17:33 EDT


Hi

This will only work as long as the server service is started... which it
isn't in this case..

Another method could be using the sc command ... sc \\machinename start
"servicename" - but again it would require the server service started..

But with an admin password and the server service started there's not
much to pen-test... you would have complete control ...

Regards
Peder Pedersen
CCSA,CCSE,MCSE
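Both replies above turn on the same precondition: remote service control through services.msc or `sc \\machinename start` only works while the Server service (LanmanServer) is running on the target. The following PowerShell check is an added example and is not part of this thread; it reports, from the workstation's own side, whether that service is running or set to auto-start, so an administrator can verify the hardened state Mark describes. The function name `Get-LanmanServerExposure` is my own; the `Win32_Service` class, its `State` and `StartMode` properties, and the service name `LanmanServer` are standard Windows names.

```powershell
# Added example (not from the thread). Reports whether the Server service
# (LanmanServer), on which remote service control such as "sc \\host start"
# and the services.msc "connect to another computer" path depends, is
# running or set to start automatically on the local workstation.
# Reading service state works as a standard user; no elevation needed.
function Get-LanmanServerExposure {
    [CmdletBinding()]
    param()

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='LanmanServer'"
    if (-not $svc) {
        throw "LanmanServer service not found on this host."
    }

    # Exposure is the current state plus what happens at the next boot.
    # StartMode values for Win32_Service are Auto, Manual, Disabled, Boot, System.
    $runningNow = ($svc.State -eq 'Running')
    $autoStart  = ($svc.StartMode -eq 'Auto')

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        State             = $svc.State
        StartMode         = $svc.StartMode
        # Remote SCM access over SMB needs the Server service up (host firewall permitting).
        RemoteSCMPossible = $runningNow
        Recommendation    = if ($runningNow -or $autoStart) {
            'Server service is running or auto-starts; disable it unless file/print sharing is required'
        } else {
            'Server service stopped and not auto-started; remote service control via this path is unavailable'
        }
    }
}

# Usage (constructed):
Get-LanmanServerExposure | Format-List
```

Run it on a sample of workstations (for example via a logon script or a remoting job) and compare the `State`/`StartMode` columns against the baseline you expect; any host reporting `Running` or `Auto` is one where an obtained admin password would be enough for the remote-start techniques discussed in the thread.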

-----Original Message-----
From: Gerald Cody Bunch [mailto:gbunch@gmx.net]
Sent: 2. september 2003 03:49
To: Lachniet, Mark; Pen-test@securityfocus.com
Subject: RE: *** GMX Spamverdacht *** Remotely starting the "server"
process on win XP [Spam? Faked address!]

If you have already gained the admin password, the rest should be cake.

If your machine is 2k/xp you should be able to run services.msc

Right click 'Services' in the left pane, and click connect to another
computer. Give it the IP address of the remote machine, and when it asks
for authentication, give it the username/password you have gained, and
start all the services you like.

Alternatively you can drop to the command prompt on your machine
("cmd.exe") and issue:

Runas /user:domain\username "mmc %windir%\system32\services.msc"

using the username and password of the user you have gained, and also
start services at your liking.

Thanks,

Gerald Cody Bunch
gbunch@gmx.net

-----Original Message-----
From: Lachniet, Mark [mailto:mlachniet@sequoianet.com]
Sent: Tuesday, September 02, 2003 11:24 AM
To: Pen-test@securityfocus.com
Subject: *** GMX Spamverdacht *** Remotely starting the "server" process
on win XP

Hello all,

I was hoping someone could provide an opinion on the following scenario:

Assume that I am pen-testing a Windows XP workstation across the
network. Further assume that it is fully patched, and no known exploits
will work. Lastly, assume that I have gotten the admin password, but am
limited by the amount of fun I can have because the Server process is
not started, nor is IIS or any other obvious means of ingress. Short of
the usual trickery (physical access to the machine, tricking someone,
hacking a user workstation, etc.), can anyone suggest a good way to
remotely start the server process so that I could then continue
pen-testing the box?

Thanks,

Mark Lachniet

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free
for 21 days at:
http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT