
Privilege escalation - Step by Step (Windows XP)

morpheus063

Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Sep 04, 2006 10:19 am

Privilege escalation - Step by Step (Windows XP)

Hi All,

I recently came across an interesting article on privilege escalation on a Windows XP system using the at command. I don't know whether all are aware of this technique, but I am very new to it, and it also mentions how to prevent it.

The link is

Click Here



Regards and best wishes,

The Morpheus
Last edited by morpheus063 on Tue Jan 09, 2007 10:07 pm, edited 1 time in total.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

LSOChris

Post Mon Sep 04, 2006 11:33 am

Re: Privilege escalation - Step by Step (Windows XP)

they were just talking about this on the CISSP mailing list...

the hack goes from being administrator to SYSTEM, while that has its benefits, from a user perspective it's not that useful...it's arguable either way and I won't claim to be a Windows XP expert to know all the differences in permissions.

a better way to use the AT hack would be to have your shell from your exploit and use the AT command to start your backdoor every day for you or something like that. now, you have a SYSTEM level backdoor waiting for you and that's a neat trick.

using it to go from admin to system is just a neat parlor trick, but I love neat little tricks!

Kev

Post Wed Sep 06, 2006 9:50 am

Re: Privilege escalation - Step by Step (Windows XP)

Yes, that’s a nice trick. Getting system access was the value of the so-called “shatter attack”. If I can get to system level access, that’s great, because system level access is even more powerful than Admin level access. The system account can get to things and make changes that we as humans can’t normally see and do, such as the NTDS.Dit file that stores the database for Active Directory or the system volume information. Sometimes there might be needed information there and it's a good place to access.

LSOChris

Post Wed Sep 06, 2006 11:27 am

Re: Privilege escalation - Step by Step (Windows XP)

excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment. because we know that local admin on a box isn't even close to a domain admin in privs....hmmmm definitely something to play with in the lab

tex1ntux

Newbie

Posts: 1

Joined: Sat Nov 04, 2006 12:48 pm

Post Sat Nov 04, 2006 1:04 pm

Re: Privilege escalation - Step by Step (Windows XP)

ChrisG wrote: excellent post that got me thinking about what kind of damage you could do with that trick in an AD environment. because we know that local admin on a box isn't even close to a domain admin in privs....hmmmm definitely something to play with in the lab

I've played with this trick before...
I have a class in a computer lab, and all of the students have an admin account (it's a networking class and we have to set static IPs for labs). Anyways, one time I tried to run LCP on the comp from the admin account, but it was blocked. I used this at hack to get into system, and then it ran just fine.
