Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Win2K3 Priv Escalation

from [justin] Network Security [Permanent Link]
Subject: Win2K3 Priv Escalation
Date: Tue, 27 Nov 2007 16:59:05 -0500 (EST) 
Alright, i follow bugtraq rather extensively and really never had much to
say, but a friend of mind just contacted me earlier with a problem and i
can't really think of a simple solution. Anyway, I'm hoping someone can
help.

Scenario

Companies previous net admin was ticked he was getting laid off and
removed all users from the Domain Admin group, and the local account
password has been changed to something no one in the company knows. Well,
he tried to reset the admin password(local) using chgntpw(i think thats it
*nix app) and it complains that flags on the filesystem are invalid and to
login to safe mode, reboot, ect. Which he can't do.

The question is, is there any simple way to gain administrative
privileges(preferably domain admin) on win2K3? I've thought of process
injection, possibly a rk, something along those lines, which would either
need to be made from scratch or modified to his specific needs. But all
that just seems over kill when all he needs to do is add a domain admin
acct so he can start being the net admin.

Open to suggestions, flaming because i'm retarded and missing it, ect.

Thanks
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  PHPkit 1.6.1 (include.php?path=) Remote File Inclusion, sys-project
Next by Date:  Re: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Expos, cocoruder.
Previous by Thread:  PHPkit 1.6.1 (include.php?path=) Remote File Inclusion, sys-project
Next by Thread:  Re: Win2K3 Priv Escalation, Jan Münther
Indexes:  [Date] [Thread] [Top] [All Lists]