RE: Windows Administrator access


Usually, you can show admin privileges by adding a new administrator
user to the machine, only admin can do that.
You can do that without any external files, using the "net" command. The
net command can also be useful to show admin priv., for example to
start/stop services, manage shares, etc.


Regards,
Erez.
________________________________


Erez Metula
Application Security Consultant & Dept. Manager
E-Mail: erezmetula@xxxxxxxxxxxxxx
Mobile: 972-54-2108830 Office: 972-39007530


-----Original Message-----
From: Dillama [mailto:dillama@xxxxxxxxx]
Sent: Saturday, February 25, 2006 11:17 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Windows Administrator access

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks

---
Dillama

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Relevant Pages

  • RE: Hacking to Xp box
    ... and an admin with knowledge of their environment would be able ... I think there was a misunderstanding in the firewall point: ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ...
    (Pen-Test)
  • RE: Windows Administrator access
    ... Security Administrator ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: Windows Administrator access
    ... have the administrator password just use the run as command: ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Windows Administrator access
    ... I think this can only be done by an administrator ... Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ... Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Re: Windows Administrator access
    ... If you're not administrator, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)