RE: Windows Administrator access

I'm not sure if I understand but if all you want to do is prove you're an
admin just create a file in the system 32 dir. If you want to prove that you
have the administrator password just use the run as command:

runas /user:localmachinename\administrator cmd When prompted, type the
administrator password.

Or use the "net" series of commands ie: net user will enumerate all the
local users; or the net accounts command will give you some good info!!

Does this help?

-----Original Message-----
From: Dillama [mailto:dillama@xxxxxxxxx]
Sent: Saturday, February 25, 2006 2:17 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Windows Administrator access

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new files?

I have to demo the ability to gain administrator access to a Win 2000 box,
the catch is no changes on the box so adding a user or loading whoami.exe
from resource kit would not be options. Any suggestion here would be
appreciated.

Thanks

---
Dillama

----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web attacks
before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Relevant Pages

  • RE: 3rd party vuln assesment firms
    ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
    (Pen-Test)
  • RE: 3rd party vuln assesment firms
    ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
    (Pen-Test)
  • RE: Penetration test of 1 IP address
    ... Before I do anything very intrusive I personally go to the website ... Also remember once you have found a vulnerability, ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ...
    (Pen-Test)
  • Re: Whitespace in passwords
    ... input password is alphanumeric + special characters -- chances are strong ... >> Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
    (Pen-Test)
  • Re: Qualys
    ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)