kickarse Posted July 31, 2006
So I stumbled across this *ahem* on digg: http://www.pandora-security.com/forum/viewtopic.php?t=2093 I haven't gotten it to work at work. I'm sys admin here running a domain. I had my user as guest and normal user and both won't allow this. So I don't know what patches I have that disallow this.

melodic Posted July 31, 2006
looks cool man, thanks for the link, i will check it out :)
EDIT: DUDE FUCK ME! that's well good!!! thanks so much for the link... damn windows pcs :P

melodic Posted July 31, 2006
yeah i do with all latest updates installed, and it still worked :P

kickarse Posted July 31, 2006
As a guest, regular user, or as admin?

melodic Posted July 31, 2006
admin... why? it should work on nearly ANY xp machine. i think that tut should be copied here with a link to the original, and this thread or the new thread should be sticky'd. what you say cooper?

cooper Posted July 31, 2006
We'd need some interest for this thread first. This thing does have big potential. I mean, hack an XP box remotely so you get a shell. Download some shitty server proggy that will do your bidding, and use the 'at' command to schedule its starting in the next minute. BOOM! Instant god-mode in XP. If this truly is that simple (i.e. try it as guest first. Then we'll talk) this is a huge snafu for Microsoft. But don't worry, Trusted Computing is still on track. ;)

melodic Posted July 31, 2006
i will test tomorrow unless someone will test now? and post screenshots and things like i have a tip for it. DON'T close the cmd your account opens, cos then you can kill the explorer the system account makes :P and then reopen YOUR explorer in your cmd window

Jester Posted July 31, 2006
tried it as a guest account and with a default setup Guest does not have access to the "at" command now a default setup nor does it work with a limited user account with default setup on an XP Pro machine.

kickarse Posted August 1, 2006
Yeah I already explained that it doesn't work as guest or normal user accounts. As admin you're golden, but it still gives you access to kernel so it's still highly useful as admin. We might have to find some other ways of escalation to at least admin, then this would rock.

Sparda Posted August 1, 2006
I tried this on Windows 2000 SP4 and it didn't work.

kickarse Posted August 1, 2006
There's also been some mention of MSOOBE.exe being able to escalate priv's. I think if you run msoobe.exe with an alternate data stream you might be able to escalate there too.

Iain Posted August 3, 2006
I'd be interested to know if this works. I know that the "at xx:yy /interactive ...." trick doesn't work on a fully patched XP Pro SP2 when logged on with limited rights. There *must* be a way of doing it, it just hasn't been found yet! I know that access to files can be obtained using Knoppix, BartsPE etc., but that seems like cheating.

kickarse Posted August 3, 2006
Yeah, it's not as fun when you have a boot disk to pop in when you're compromising at Best Buy ... err... The best thing is even as Guest that you can escalate priv's... with a simple command line hack.

Iain Posted August 3, 2006
> The best thing is even as Guest that you can escalate priv's... with a simple command line hack.
I thought that was how this thread started and the technique presented has been kicked into touch for a fully patched XP Pro SP2. Use of MSOOBE.exe sounds interesting.

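Added example, not part of the thread and not written by any poster: the posts above report that the "at ... /interactive" trick works from an administrator account and opens a shell under the system account, so one defensive check is to flag interactive AT job creation in process-creation logs. The log records, user names and function names below are constructed for illustration.

```python
import re

# Constructed process-creation records (user, command line); not taken from the thread.
SAMPLE_EVENTS = [
    ("alice", r"at 14:05 /interactive cmd.exe"),
    ("alice", r"C:\WINDOWS\system32\AT.EXE 09:30 /INTERACTIVE cmd.exe"),
    ("backup", r"at 02:00 /every:M,T,W,Th,F C:\scripts\backup.cmd"),
    ("bob", r"at \\HOST01 23:15 /interactive notepad.exe"),
    ("bob", r"format.exe /interactive"),
    ("carol", r"at"),
]

# First token must be at or at.exe, optionally with a directory prefix.
AT_IMAGE = re.compile(r"^(?:.*\\)?at(?:\.exe)?$", re.IGNORECASE)
# AT takes the start time as hours:minutes in 24-hour notation.
START_TIME = re.compile(r"^\d{1,2}:\d{2}$")


def parse_at(cmdline):
    """Return a dict for an AT job creation, or None for anything else."""
    tokens = cmdline.replace('"', "").split()
    if not tokens or not AT_IMAGE.match(tokens[0]):
        return None
    args = tokens[1:]
    target = args.pop(0) if args and args[0].startswith("\\\\") else None
    if not args or not START_TIME.match(args[0]):
        return None  # listing or deleting jobs, not scheduling one
    start = args.pop(0)
    interactive = False
    while args and args[0].startswith("/"):
        interactive = interactive or args[0].lower() == "/interactive"
        args.pop(0)
    return {"target": target, "time": start,
            "interactive": interactive, "command": " ".join(args)}


def flag_interactive_jobs(events):
    """Return (user, time, target, command) for every interactive AT job."""
    hits = []
    for user, cmdline in events:
        job = parse_at(cmdline)
        if job and job["interactive"]:
            hits.append((user, job["time"], job["target"], job["command"]))
    return hits


if __name__ == "__main__":
    for hit in flag_interactive_jobs(SAMPLE_EVENTS):
        print("interactive AT job:", hit)
```

The recurring backup job and the unrelated `format.exe /interactive` line are not flagged; only scheduled jobs carrying `/interactive` are.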