marian99us Posted April 8, 2014
Hello, I was wondering if it was possible to place items in the Windows 7 Startup folder without administrator rights. I have a user account to log in, but no admin rights. I have ordered a Ducky and was wondering if it would help me achieve that. I am open to all options, with or without the Ducky. Booting from USB or CD is not an option. The admin password is required to change the boot sequence. The Utilman.exe attack has been patched in this 64-bit Windows 7 Enterprise.

cooper Posted April 9, 2014
While I'm not well-versed in the black art of Windows administration, I thought "the startup folder" was in fact a union of the system-wide, admin-controlled startup folder and a local, user-controlled folder with whatever crap programs the local user wants to run at login time. I'm sure an admin could (or should be able to) clamp down on that as well, but at its core that's how things go.
If you want a local priv escalation attack, try using the Metasploit module 'Windows TrackPopupMenuEx Win32k NULL Page'. It takes advantage of this security issue and it's the most recent priv escalation in Windows that I could find mention of in the exploit-db. A patch for the issue exists, so if the admin of this box is on the ball/it's auto-updated it will not work anymore, but it might be worth a shot.

newbi3 Posted April 10, 2014
Add it to the registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
You can do that from the command prompt without admin privs for the current user on the system.

potato Posted April 11, 2014
If you just want to do this for the user you are logged in as, place a shortcut in %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

cooper Posted April 11, 2014
Wouldn't that show up in the "Start up" menu under the start menu though?

marian99us (Author) Posted April 14, 2014
But the problem is, I would like to put the script so that it is executed at login for every user in the network. So, I guess the problem can only be solved with an escalation of privileges!

cooper Posted April 14, 2014
The registry thing that Newbi3 suggested can still work, assuming the domain admin didn't prevent it using policies and such. Try it on your own box with an innocent script (run calc.exe or whatever) and see if that works.

newbi3 Posted April 14, 2014
It will show up as a startup application, but name it something innocuous and you should be good to the glancing eye. If someone is looking for it they will find it.

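Added example, not part of any post in this thread: what "looking for it" amounts to, as a read-only PowerShell listing of the two per-user autostart locations named above next to their machine-wide counterparts. The HKLM key and the ProgramData folder are not named in the thread; they are assumed here as the standard all-users equivalents. Shortcut targets are resolved, so an innocuous display name does not hide what actually runs.

```powershell
# Added example (not from the thread): read-only audit of logon autostart entries.
# Written to run on the PowerShell 2.0 that ships with Windows 7.

# Per-user key named in the thread, plus its machine-wide counterpart (assumed).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Per-user Startup folder named in the thread, plus the all-users folder (assumed).
$startupDirs = @(
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

$shell   = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$entries = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = $item.GetValue($name)
        }
    }
}

foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $command = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Report what the shortcut launches, not just its display name.
                $lnk = $shell.CreateShortcut($_.FullName)
                $command = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            $entries += New-Object PSObject -Property @{
                Source = $dir; Name = $_.Name; Command = $command
            }
        }
}

$entries | Select-Object Source, Name, Command | Format-Table -AutoSize -Wrap
```
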
cooper Posted April 14, 2014
Network Driver Support.exe :-)

marian99us (Author) Posted April 14, 2014
Is there a way to run a script at startup? I mean even before a user has logged on to the system. BTW, when I log on, user data is loaded from a central storage. I mean, if I put something on my desktop on one computer, it is going to appear on my desktop on all computers that I log in to using my profile. So the profile data is stored centrally!

cooper Posted April 14, 2014
For that you need admin privs. The main way that springs to mind for me is to register something as a service, though there must be more ways than just that one. And services tend to be fairly visible as well, so...