Re: Windows Administrator access

From: Marco Monicelli (marco.monicelli@marcegaglia.com)
Date: Mon Feb 27 2006 - 02:49:49 EST

You can simply change directory and going into "C:\Documents and
Settings\Administrator".

If you're not administrator, you cannot browse in there. The command prompt
will show the path and this will demonstrate that you're administrator over
there.

Ciao

Marco

                                                                           
             Dillama
             <dillama@gmail.co
             m> To
                                       pen-test@securityfocus.com
             25/02/2006 10.17 cc
                                                                           
                                                                   Subject
                                       Windows Administrator access
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks 

---
Dillama
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT