Penetration Testing: Re: [PEN-TEST] Expand right under Win2K

["Edwards, David (JTD)" <Edwards.David2 () SAUGOV SA GOV AU>]

Hi,

> -----Original Message-----
> From: Paul Cardon [mailto:paul () MOQUIJO COM]
> Sent: Wednesday, 10 January 2001 7:48 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] Expand right under Win2K
>
> Charlie Rhodes wrote:
> > > We have a win2k where we have access to a cmd.exe with
> the rights of the
> > > web-server and we would like to obtain administrator
> rights. Also we
> > > don't have the rights to read the SAM files.
> > > We tried the well-known methdos under win  NT 4.0 (like
> breaknt.exe,
> > > read from raw device) in vain.
> >     Do you have network (ftp) access?  or floppy access?
> > http://www.bo2k.com should do the trick.  You'll probably
> want to configure
> > the server part off the machine, then load it on.
> This is the second time this question has been asked on the list and
> almost everybody misunderstands the problem.  Let me restate it:
[snip 3 good ideas]

Add:

4) Install a Trojan to catch the admin next login.  All_users
startup may be available, common mistyped stuff in cmd shells
(how many of us try to use ifconfig in an cmd shell :-), unprotected
batch files etc.

ciao
dave
---
Dave Edwards
Justice Technology Division
Ph: +61 8 82265426 || 0408 808355
mailto: edwards.david2 () saugov sa gov au
Snail : Justice Technology Division
        GPO Box 2048, Adelaide 5001
---
The information in this e-mail may be confidential and/or legally
privileged.  Use or disclosure by anyone other than the intended
recipient is prohibited and may be unlawful.  If you have received
this e-mail in error, please advise me immediately
---