RE: Windows privelege escalation?

From: Cedric.Baechler@vtg.admin.ch
Date: Wed Jul 13 2005 - 07:52:28 EDT

• Next message: Felipe Balbi: "Re: SQL injections and connections to a DB"
• Previous message: boxerb: "RE: modeling a network architecture"
• Maybe in reply to: Bones: "Windows privelege escalation?"
• Next in thread: Prashant Meswani: "RE: Windows privelege escalation?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I've had success with a public exploit for MS04-044 that i slightly modified and that give you SYSTEM privileges on any Win2k SP4.

Cedric

-----Message d'origine-----
De : Bones [mailto:the.bones@gmail.com]
Envoyé : mercredi, 13. juillet 2005 00:01
À : pen-test@securityfocus.com
Objet : Windows privelege escalation?

All,

Working on a pen-test here where low-privilege user accounts are easy enough to obtain on some target servers, however, escalating privs is giving us some fits.

Most of the targets are Win2003 or Win2000-SP4.

What is the current state of escalating privileges on Windows hosts?
Any new tools or working exploits out there which are publicly accessible? Most of the silver bullets of the past (like PipeUpSam,
PipeUpAdmin) are of course no longer usable largely after Win2000-SP3.
We did find some exploits (MS05-012, etc.) that might have worked, but this client is patched pretty solid.

Interested to see the feedback...

--
Bones*
the.bones@gmail.com

• Next message: Felipe Balbi: "Re: SQL injections and connections to a DB"
• Previous message: boxerb: "RE: modeling a network architecture"
• Maybe in reply to: Bones: "Windows privelege escalation?"
• Next in thread: Prashant Meswani: "RE: Windows privelege escalation?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:32 EDT