HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 46 guests online
 
Advertisement

You are here: Home arrow Resourcesarrow Tutorialsarrow Privilege escalation - Step by Step (Windows XP)
EH-Net
May 19, 2013, 09:33:29 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Privilege escalation - Step by Step (Windows XP)  (Read 16484 times)
0 Members and 1 Guest are viewing this topic.
Manu Zacharia (-M-)
Sr. Member
****
Offline Offline

Posts: 393


c0c0n Hacking Conference - where hackers unite


View Profile WWW
« on: September 04, 2006, 10:19:45 AM »
Hi All,

I recently came across an interesting article on previlege escalation on a Windows XP system using the at command. I dont know whether all are aware of this technique, but I am very new to it and it also mentions about how to prevent it.

The link is

Click Here



Regards and best wishes,

The Morpheus
« Last Edit: January 09, 2007, 09:07:42 PM by The Morpheus » Logged
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)˛, C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
LSOChris
Guest
« Reply #1 on: September 04, 2006, 11:33:07 AM »
they were just talking about this on the CISSP mailing list...

the hack goes from being administrator to SYSTEM, while that has its benefits, from a user perspective its not that useful...its arguable either way and i wont claim to be an Windows XP expert to know all the differences in permissions.

a better way to use the AT hack would be to have your shell from your exploit and use the AT command to start your backdoor everyday for you or something like that. now, you have a SYSTEM level backdoor waiting for you and thats a neat trick.

using it to go from admin to system is just a neat parlor trick, but I love neat little tricks!
Logged
Kev
Guest
« Reply #2 on: September 06, 2006, 09:50:54 AM »
  Yes, that’s a nice trick. Getting system access was the value of the so called “shatter attack”.  If I can get to system level access, that’s great, because system level access is even more powerful than Admin level access. The system account can get to things and make changes that we as humans can’t normally see and do, such as the NTDS.Dit file that stores the data base for active directory or the system volume information. Sometimes there might be needed information there and its good place to access.
Logged
LSOChris
Guest
« Reply #3 on: September 06, 2006, 11:27:22 AM »
excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment.  because we know that local admin on a box isnt even close to a domain admin in privs....hmmmm definitely something to play with in the lab
Logged
tex1ntux
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #4 on: November 04, 2006, 12:04:51 PM »
Quote from: ChrisG on September 06, 2006, 11:27:22 AM
excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment.  because we know that local admin on a box isnt even close to a domain admin in privs....hmmmm definitely something to play with in the lab
I've played with this trick before...
I have a class in a computer lab, and all of the students have an admin account (it's an networking class and we have to set static IPs for labs).  Anyways, one time I tried to run LCP on the comp from the admin account, but it was blocked.  I used this at hack to get into system, and then it ran just fine.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.071 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.