http://mcpmag.com/columns/article.asp?EditorialsID=1369
____________________________
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
mausmus@chapman.edu
"You can lead a horse to water, but if you can get him to float on his back,
you've got something."
-HARTLEY'S FIRST LAW
-----Original Message-----
From: justin@escracing.com [mailto:justin@escracing.com]
Sent: Tuesday, November 27, 2007 1:59 PM
To: bugtraq@securityfocus.com
Subject: Win2K3 Priv Escalation
Alright, i follow bugtraq rather extensively and really never had much to
say, but a friend of mind just contacted me earlier with a problem and i
can't really think of a simple solution. Anyway, I'm hoping someone can
help.
Scenario
Companies previous net admin was ticked he was getting laid off and
removed all users from the Domain Admin group, and the local account
password has been changed to something no one in the company knows. Well,
he tried to reset the admin password(local) using chgntpw(i think thats it
*nix app) and it complains that flags on the filesystem are invalid and to
login to safe mode, reboot, ect. Which he can't do.
The question is, is there any simple way to gain administrative
privileges(preferably domain admin) on win2K3? I've thought of process
injection, possibly a rk, something along those lines, which would either
need to be made from scratch or modified to his specific needs. But all
that just seems over kill when all he needs to do is add a domain admin
acct so he can start being the net admin.
Open to suggestions, flaming because i'm retarded and missing it, ect.
Thanks
