Jump to content

How to put script in Startup without Administrators account


marian99us
 Share

Recommended Posts

hello,

I was wondering if it was possible to place items in Windows 7 Startup folder without administrator rights. I have a user account to log in, but no admin rights.

I have ordered a Ducky and was wondering if it would help me achieve that.

I am open to all options, with or without the Ducky.

Booting form USB or CD is not an option. Admin password is required to change the boot sequence.

The Utilman.exe attack has been patched in this 64-Bit Windows 7 Enterprise.

Link to comment
Share on other sites

While I'm not well-versed in the black art of Windows administration, I thought "the startup folder" was in fact a union of the system-wide, admin-controlled startup folder and a local, user-controlled folder with whatever crap programs the local user wants to run at login time. I'm sure an admin could (or should be able to) clamp down on that aswell, but that at its core that's how things go.

If you want a local priv escalation attack, try using the Metasploit module 'Windows TrackPopupMenuEx Win32k NULL Page'. It takes advantage of this security issue and it's the most recent priv escalation in Windows that I could find mention of in the exploit-db. A patch for the issue exists, so if the admin of this box is on the ball/it's auto-updated it will not work anymore, but it might be worth a shot.

Link to comment
Share on other sites

add it to the regestry: HKCU/Software/Microsoft/Windows/CurrentVersion/Run

You can do that from the command prompt without admin privs for the current user on the system

Link to comment
Share on other sites

The registry thing that Newbi3 suggested can still work, assuming the domain admin didn't prevent it using policies and such. Try it on your own box with an innocent script (run calc.exe or whatever) and see if that works.

Link to comment
Share on other sites

It will show up as a startup application but name it something innocuous and you should be good to the glancing eye. If someone is looking for it they will find it

Link to comment
Share on other sites

Is there way to run a script at startup? I mean even before a use has log on to the system.

BTW, when I logon, user data is loaded from a central storage. I mean, if I put some thing on my desktop on one computer, it is going to appear on my desktop on all computer that i log in using my profile. So the profile data is stored centrally!

Link to comment
Share on other sites

For that you need admin privs. The main way that springs to mind for me is to register something as a service, though there must be more ways than just that one.

And services tend to be fairly visible aswel, so...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...