Penetration Testing mailing list archives

Re: [PEN-TEST] Expand right under Win2K
From: "Pascal C. Kocher" <pascal.kocher () NETBEAT-SECURITY CH>
Date: Wed, 10 Jan 2001 14:46:24 +0100

Hi all

The only things that are possible are:

1)  There is a known privilege escalation vulnerability that can be
exploited with local unprivileged access.  The attacker can download and
run that code to gain Administrator access.

2)  Brute force attack against accounts with local Administrator
privilege.

3)  Look for vulnerabilities in other systems that the web server can
talk to.  Some of those may expose Domain accounts with Administrator
privilege on the web server or other systems that are trusted by the web
server.

A possibility is to schedule the start of an application (netcat) via the AT
command. Even under Win2K it will be run as SYSTEM.

Regards,
Pascal.

