RE: Windows Administrator access

From: Sahir Hidayatullah (sahirh@mielesecurity.com)
Date: Sun Feb 26 2006 - 14:43:40 EST

• Next message: security@calculateddecision.com: "RE: Windows Administrator access"
• Previous message: Nico Golde: "Re: Snarf files from a sniff dump"
• In reply to: Dillama: "Windows Administrator access"
• Next in thread: security@calculateddecision.com: "RE: Windows Administrator access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you are able to change to the administrators home directory (typically
c:\documents & settings\administrator), then you are probably a member of
the administrators group.

Of course this will only work assuming that the filesystem is formatted with
NTFS and default permissions are in place.

--S.

-----Original Message-----
From: Dillama [mailto:dillama@gmail.com]
Sent: Saturday, February 25, 2006 2:47 PM
To: pen-test@securityfocus.com
Subject: Windows Administrator access

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks

---
Dillama
----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: security@calculateddecision.com: "RE: Windows Administrator access"
• Previous message: Nico Golde: "Re: Snarf files from a sniff dump"
• In reply to: Dillama: "Windows Administrator access"
• Next in thread: security@calculateddecision.com: "RE: Windows Administrator access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT