Windows privelege escalation?

From: Bones (the.bones@gmail.com)
Date: Tue Jul 12 2005 - 18:01:25 EDT

• Next message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Previous message: Mike Tupker: "SQL injections and connections to a DB"
• Next in thread: Cedric.Baechler@vtg.admin.ch: "RE: Windows privelege escalation?"
• Maybe reply: Cedric.Baechler@vtg.admin.ch: "RE: Windows privelege escalation?"
• Reply: Prashant Meswani: "RE: Windows privelege escalation?"
• Reply: Ricardo Abraham Aréchiga Cervantes: "Re: Windows privelege escalation?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All,

Working on a pen-test here where low-privilege user accounts are easy
enough to obtain on some target servers, however, escalating privs is
giving us some fits.

Most of the targets are Win2003 or Win2000-SP4.

What is the current state of escalating privileges on Windows hosts?
Any new tools or working exploits out there which are publicly
accessible? Most of the silver bullets of the past (like PipeUpSam,
PipeUpAdmin) are of course no longer usable largely after Win2000-SP3.
We did find some exploits (MS05-012, etc.) that might have worked, but
this client is patched pretty solid.

Interested to see the feedback...

-- 
Bones*
the.bones@gmail.com

• Next message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Previous message: Mike Tupker: "SQL injections and connections to a DB"
• Next in thread: Cedric.Baechler@vtg.admin.ch: "RE: Windows privelege escalation?"
• Maybe reply: Cedric.Baechler@vtg.admin.ch: "RE: Windows privelege escalation?"
• Reply: Prashant Meswani: "RE: Windows privelege escalation?"
• Reply: Ricardo Abraham Aréchiga Cervantes: "Re: Windows privelege escalation?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:32 EDT