HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 19 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow Tutorialsarrow Privilege escalation - Step by Step (Windows XP)
Ethical Hacker Community Forums
November 22, 2008, 10:10:25 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Privilege escalation - Step by Step (Windows XP)  (Read 6651 times)
0 Members and 1 Guest are viewing this topic.
Manu Zacharia (-M-)
Full Member
***
Offline Offline

Posts: 193



View Profile WWW
« on: September 04, 2006, 10:19:45 AM »
Hi All,

I recently came across an interesting article on previlege escalation on a Windows XP system using the at command. I dont know whether all are aware of this technique, but I am very new to it and it also mentions about how to prevent it.

The link is

Click Here



Regards and best wishes,

The Morpheus
« Last Edit: January 09, 2007, 09:07:42 PM by The Morpheus » Logged
Manu Zacharia
Certified ISO 27001:2005 (Information Security Management System) Lead Auditor
Promote the Information Security Day
Visit - http://www.informationsecurityday.com
ChrisG
EH-Net Columnist
Hero Member
*****
Offline Offline

Posts: 1038


View Profile WWW
« Reply #1 on: September 04, 2006, 11:33:07 AM »
they were just talking about this on the CISSP mailing list...

the hack goes from being administrator to SYSTEM, while that has its benefits, from a user perspective its not that useful...its arguable either way and i wont claim to be an Windows XP expert to know all the differences in permissions.

a better way to use the AT hack would be to have your shell from your exploit and use the AT command to start your backdoor everyday for you or something like that. now, you have a SYSTEM level backdoor waiting for you and thats a neat trick.

using it to go from admin to system is just a neat parlor trick, but I love neat little tricks!
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
Kev
Guest
« Reply #2 on: September 06, 2006, 09:50:54 AM »
  Yes, that’s a nice trick. Getting system access was the value of the so called “shatter attack”.  If I can get to system level access, that’s great, because system level access is even more powerful than Admin level access. The system account can get to things and make changes that we as humans can’t normally see and do, such as the NTDS.Dit file that stores the data base for active directory or the system volume information. Sometimes there might be needed information there and its good place to access.
Logged
ChrisG
EH-Net Columnist
Hero Member
*****
Offline Offline

Posts: 1038


View Profile WWW
« Reply #3 on: September 06, 2006, 11:27:22 AM »
excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment.  because we know that local admin on a box isnt even close to a domain admin in privs....hmmmm definitely something to play with in the lab
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
tex1ntux
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #4 on: November 04, 2006, 12:04:51 PM »
Quote from: ChrisG on September 06, 2006, 11:27:22 AM
excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment.  because we know that local admin on a box isnt even close to a domain admin in privs....hmmmm definitely something to play with in the lab
I've played with this trick before...
I have a class in a computer lab, and all of the students have an admin account (it's an networking class and we have to set static IPs for labs).  Anyways, one time I tried to run LCP on the comp from the admin account, but it was blocked.  I used this at hack to get into system, and then it ran just fine.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.043 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.