From: Travis Potter (Travis@secureintegrations.com)
Date: Sat Feb 25 2006 - 14:14:00 EST
I'm not sure if I understand but if all you want to do is prove you're an
admin just create a file in the system 32 dir. If you want to prove that you
have the administrator password just use the run as command:
runas /user:localmachinename\administrator cmd When prompted, type the
administrator password.
Or use the "net" series of commands ie: net user will enumerate all the
local users; or the net accounts command will give you some good info!!
Does this help?
-----Original Message-----
From: Dillama [mailto:dillama@gmail.com]
Sent: Saturday, February 25, 2006 2:17 AM
To: pen-test@securityfocus.com
Subject: Windows Administrator access
After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new files?
I have to demo the ability to gain administrator access to a Win 2000 box,
the catch is no changes on the box so adding a user or loading whoami.exe
from resource kit would not be options. Any suggestion here would be
appreciated.
Thanks
--- Dillama ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT