Penetration Testing mailing list archives
Re[2]: Windows Administrator access
From: Bo Cato <jcato73 () comcast net>
Date: Wed, 1 Mar 2006 13:53:52 -0500
As I understand the question, you are faced with the problem of proving your access level on a system that you cannot make modifications to per some agreement for the test. If memory serves me correctly, by default you have to have power-user or above access to even see the contents of the local administrators group. So if you run "net localgroup administrators" and get a list and not an error, you have proven elevated access. This requires no system changes.

Also you never specified what kind of shell. Local or remote? Assuming this is a cooperative test you could have the administrator create a simple text file with only administrator rights. If you can display contents with "type admin.txt" then there again is your proof. And there are files that are administrator only such as in the /windows/repair/ directory. The type command would prove access, but I'd pipe it to more to cut down on the beeps and boops from non-printable characters.

Displaying your ability to change permissions via cacls is good proof but it may be in violation of your no modification agreement. Up to you.

-b

JT> Are you trying to show current priv or levels for other users i.e sam
JT> list. Also what exactly are you trying to verify? There are a few off
JT> top that I know that can get you the info that you need.
JT> C:\dir /q /a
JT> C:\cacls /p user:perm - use this to set or deny perms and gauge against
JT> current permissions
JT> Or the old fashioned edit command GptTmpl.inf file
JT> Hope that helps
JT> Jasun Tate
JT> Sr. Security Administrator
JT> Network Operations-ICW Group
JT> Office #858-350-2459
JT> ~~INVEST IN LOSS~~ Chen Man Ching
JT> -----Original Message-----
JT> From: ROB DIXON [mailto:rdixon () workforcewv org]
JT> Sent: Monday, February 27, 2006 5:32 AM
JT> To: dillama () gmail com; pen-test () securityfocus com
JT> Subject: Re: Windows Administrator access
JT> Hi Dillama,
JT> Can we ask how you have gained access at this point? What technique are
JT> you demoing?
JT> Robert L. Dixon, CSO
JT> CHFI A+
JT> State of West Virginia's
JT> West Virginia Office of Technology
JT> Infrastructure Applications
JT> Netware/GroupWise Administrator
JT> Telephone: (304)-558-5472 ex.4225
JT> Email:rdixon () workforcewv org
JT> Dillama <dillama () gmail com> >>>
JT> After gaining shell access to a Windows box, is there any way to show
JT> administrator privilege without changing the config or uploading new
JT> files?
JT> I have to demo the ability to gain administrator access to a Win 2000
JT> box, the catch is no changes on the box so adding a user or loading
JT> whoami.exe from resource kit would not be options. Any suggestion here
JT> would be appreciated.
JT> Thanks
JT> ---
JT> Dillama
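The read-only checks from this thread, gathered into one sequence typed at the existing prompt, as an added example that is not part of any poster's message. The path `C:\admin.txt` is an assumed location for the cooperative test file, and whether listing the Administrators group is restricted to elevated accounts is the post's recollection, to be confirmed on the target build.

```batch
rem Typed line by line at the shell already obtained: no file is uploaded,
rem nothing is written to disk, and no account, ACL or setting is changed.

rem ADMIN_FILE is an assumption: the file the system owner restricted to
rem Administrators for the test (the post's admin.txt). The variable lives
rem only in this shell process and disappears when the shell exits.
set ADMIN_FILE=C:\admin.txt

rem Context for the report: which host, which account, which build, when.
echo %COMPUTERNAME%
echo %USERDOMAIN%\%USERNAME%
ver
date /t
time /t

rem Check 1: list the local Administrators group (the post's first test).
rem Record both the listing or error text and the exit code.
net localgroup administrators
echo net localgroup exit code: %ERRORLEVEL%

rem Check 2: read test on the administrator-only file. Output is discarded,
rem so the evidence is the success or failure of the read, not the contents.
type "%ADMIN_FILE%" >nul 2>&1 && echo READ OK || echo READ DENIED

rem Check 3: show the file's owner without touching its ACL
rem (dir /q /a from the quoted reply). cacls /p is left out because it
rem rewrites permissions, which the no-modification agreement rules out.
dir /q /a "%ADMIN_FILE%"
```

Capturing the session output on the tester's side keeps the timestamps, exit codes and owner listing together as evidence without storing anything on the target.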
Current thread:
- Re[2]: Windows Administrator access Bo Cato (Mar 01)
- Re: Windows Administrator access Jerome Athias (Mar 02)