Penetration Testing mailing list archives
RE: Windows privelege escalation?
From: "Prashant Meswani" <prashant.meswani () ukonline co uk>
Date: Wed, 13 Jul 2005 17:07:19 +0100
Have you tried something like the Getadmin tool? I'm not sure if it will work on Win2k post SP1 or Win2k3, but it may be worth looking at. I think you can download it from http://www.antiserver.it/Win%20NT/Penetration/. I'm sure someone on the list will be able to provide a more newer tool. Regards, Prashant Meswani, CEH The opinions expressed in this email are those of my own and does not represent those of any organisation or associations to which I belong to unless stated otherwise. -----Original Message----- From: Bones [mailto:the.bones () gmail com] Sent: 12 July 2005 23:01 To: pen-test () securityfocus com Subject: Windows privelege escalation? All, Working on a pen-test here where low-privilege user accounts are easy enough to obtain on some target servers, however, escalating privs is giving us some fits. Most of the targets are Win2003 or Win2000-SP4. What is the current state of escalating privileges on Windows hosts? Any new tools or working exploits out there which are publicly accessible? Most of the silver bullets of the past (like PipeUpSam, PipeUpAdmin) are of course no longer usable largely after Win2000-SP3. We did find some exploits (MS05-012, etc.) that might have worked, but this client is patched pretty solid. Interested to see the feedback... -- Bones* the.bones () gmail com
Current thread:
- Windows privelege escalation? Bones (Jul 12)
- RE: Windows privelege escalation? Prashant Meswani (Jul 13)
- Re: Windows privelege escalation? Ricardo Abraham Aréchiga Cervantes (Jul 14)
- <Possible follow-ups>
- RE: Windows privelege escalation? Cedric.Baechler (Jul 13)