A "set" is always a good way to get interactive user info as well--
you not only get the username var, but the dns domain and the user
domain, the path info, app data settings, etc...
t
On Feb 25, 2006, at 9:30 AM, Neil wrote:
Dillama wrote:
After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?
I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion
here
would be appreciated.
Thanks
---
Dillama
Well, personally I would just remove the admin privs from all the
other users as proof, or drill it home with "netsh firewall set
opmode disable" (disables the firewall); but I suspect whoever
asked you to demo wouldn't be too thrilled with you doing things my
style.
So for you, I would drag them over to the workstation and run "echo
%username%", which would show what user your shell is running as,
and then follow it with "net localgroup administrators", which will
list all administrators (I assume your running a local admin
account, not as System or Local Service).
Hope it helps.
-Neil
----------------------------------------------------------------------
--------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications
on your website. Up to 75% of cyber attacks are launched on
shopping carts, forms, login pages, dynamic content etc. Firewalls,
SSL and locked-down servers are futile against web application
hacking. Check your website for vulnerabilities to SQL injection,
Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------
---------
