On Fri, 6 Jul 2001, Matt Andreko wrote:
> I normally do not do pen tests on the win2k operating system. However I am
> doing one at the moment. I have successfully got Administrator privelages,
> but only at a pseudo-dos-prompt... Is there anything i can do to get
> graphical abillities, since windows is basically useless without just
> graphics. I have used the "net user" command to create a new user, and
> added it to the Administrators group, but I do not have physical access to
> this machine.
>
> Any help would be appreciated.
Depends on what you want to do. If you insist on having a GUI, and you are
not concerned about stealth, you could use the "pseudo-dos-prompt" to grab
VNC from one of your machines, install and run as a service. That's not
exactly the stealth approach...but it will get you a GUI.
Like I say, it just depends on what your goals are. Personally, I
think you've gone far enough. At this point I'd tell the client that you
have access (however rudimentary) and offer to help tighten up the box on
site. Then you'll be able to audit the system more thoroughly.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Jul 06 2001
Intro
