|
Penetration Testing
mailing list archives
Re: win2k pentest - what can i do?
From: Jonathan Rickman <jonathan () xcorps net>
Date: Fri, 6 Jul 2001 11:47:46 -0400 (EDT)
On Fri, 6 Jul 2001, Matt Andreko wrote:
I normally do not do pen tests on the win2k operating system. However I am
doing one at the moment. I have successfully got Administrator privelages,
but only at a pseudo-dos-prompt... Is there anything i can do to get
graphical abillities, since windows is basically useless without just
graphics. I have used the "net user" command to create a new user, and
added it to the Administrators group, but I do not have physical access to
this machine.
Any help would be appreciated.
Depends on what you want to do. If you insist on having a GUI, and you are
not concerned about stealth, you could use the "pseudo-dos-prompt" to grab
VNC from one of your machines, install and run as a service. That's not
exactly the stealth approach...but it will get you a GUI.
Like I say, it just depends on what your goals are. Personally, I
think you've gone far enough. At this point I'd tell the client that you
have access (however rudimentary) and offer to help tighten up the box on
site. Then you'll be able to audit the system more thoroughly.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
