Re: Windows Administrator access

From: Thor (Hammer of God) (Thor@HammerOfGod.com)
Date: Mon Feb 27 2006 - 11:58:42 EST


A "set" is always a good way to get interactive user info as well--
you not only get the username var, but the dns domain and the user
domain, the path info, app data settings, etc...

t

On Feb 25, 2006, at 9:30 AM, Neil wrote:

> Dillama wrote:
>> After gaining shell access to a Windows box, is there any way to show
>> administrator privilege without changing the config or uploading new
>> files?
>> I have to demo the ability to gain administrator access to a Win 2000
>> box, the catch is no changes on the box so adding a user or loading
>> whoami.exe from resource kit would not be options. Any suggestion
>> here would be appreciated.
>> Thanks
>> ---
>> Dillama
>
> Well, personally I would just remove the admin privs from all the
> other users as proof, or drill it home with "netsh firewall set
> opmode disable" (disables the firewall); but I suspect whoever
> asked you to demo wouldn't be too thrilled with you doing things my
> style.
>
> So for you, I would drag them over to the workstation and run "echo
> %username%", which would show what user your shell is running as,
> and then follow it with "net localgroup administrators", which will
> list all administrators (I assume you're running a local admin
> account, not as System or Local Service).
>
> Hope it helps.
> -Neil


