Re: Windows Administrator access


A "set" is always a good way to get interactive user info as well-- you not only get the username var, but the dns domain and the user domain, the path info, app data settings, etc...

t



On Feb 25, 2006, at 9:30 AM, Neil wrote:

Dillama wrote:
After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?
I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.
Thanks
---
Dillama

Well, personally I would just remove the admin privs from all the other users as proof, or drill it home with "netsh firewall set opmode disable" (disables the firewall); but I suspect whoever asked you to demo wouldn't be too thrilled with you doing things my style.

So for you, I would drag them over to the workstation and run "echo %username%", which would show what user your shell is running as, and then follow it with "net localgroup administrators", which will list all administrators (I assume your running a local admin account, not as System or Local Service).

Hope it helps.
-Neil

---------------------------------------------------------------------- --------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
---------------------------------------------------------------------- ---------




Relevant Pages

  • RE: Windows Administrator access
    ... Security Administrator ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: Windows Administrator access
    ... have the administrator password just use the run as command: ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • RE: Windows Administrator access
    ... you can show admin privileges by adding a new administrator ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Windows Administrator access
    ... If you're not administrator, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Windows Administrator access
    ... I think this can only be done by an administrator ... Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ... Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)