lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <34718.70.62.79.2.1196200745.squirrel@www.escracing.com>
Date: Tue, 27 Nov 2007 16:59:05 -0500 (EST)
From: justin@...racing.com
To: bugtraq@...urityfocus.com
Subject: Win2K3 Priv Escalation

Alright, i follow bugtraq rather extensively and really never had much to
say, but a friend of mind just contacted me earlier with a problem and i
can't really think of a simple solution. Anyway, I'm hoping someone can
help.

Scenario

Companies previous net admin was ticked he was getting laid off and
removed all users from the Domain Admin group, and the local account
password has been changed to something no one in the company knows. Well,
he tried to reset the admin password(local) using chgntpw(i think thats it
*nix app) and it complains that flags on the filesystem are invalid and to
login to safe mode, reboot, ect. Which he can't do.

The question is, is there any simple way to gain administrative
privileges(preferably domain admin) on win2K3? I've thought of process
injection, possibly a rk, something along those lines, which would either
need to be made from scratch or modified to his specific needs. But all
that just seems over kill when all he needs to do is add a domain admin
acct so he can start being the net admin.

Open to suggestions, flaming because i'm retarded and missing it, ect.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ