Are you trying to show current priv or levels for other users i.e sam
list. Also what exactly are you trying to verify? There are a few off
top that I know that can get you the info that you need.
C:\dir /q /a
C:\cacls /p user:perm - use this to set or deny perms and gauge against
current permissions
Or the old fashioned edit command GptTmpl.inf file
Hope that helps
Jasun Tate
Sr. Security Administrator
Network Operations-ICW Group
Office #858-350-2459
~~INVEST IN LOSS~~ Chen Man Ching
-----Original Message-----
From: ROB DIXON [mailto:rdixon@workforcewv.org]
Sent: Monday, February 27, 2006 5:32 AM
To: dillama@gmail.com; pen-test@securityfocus.com
Subject: Re: Windows Administrator access
Hi Dillama,
Can we ask how you have gained access at this point? What technique are
you demoing?
Robert L. Dixon, CSO
CHFI A+
State of West Virginia's
West Virginia Office of Techonology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225
Email:rdixon@workforcewv.org
Dillama <dillama@gmail.com> >>>
After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?
I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.
Thanks
---
Dillama
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
#####################################################################################
Warning:
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to which it is addressed. If you
are not the named addressee any review, dissemination, distribution or
duplication of this e-mail is strictly prohibited. If you have received this
email in error, please let us know by e-mail and delete it from your system.
Please note that any personal views or opinions presented in this email are
solely those of the author and do not necessarily represent those of the
company.
Thank You.
#####################################################################################
