
How to escalate permission on Windows XP?


USBHacker


Might already have been brought up, was quickly reading through the thread.

Just flash the admin password or even easier, just bring a copy of Ophcrack from home or.. just bring Cain and Abel on a flash drive :)

GLHF.

Already tried that. OPHCrack couldn't find the hashes. Cain & Abel worked okay I guess. I actually got the admin password by using LoginRecovery. Tried it out, and found out that it had been disabled.

You don't necessarily have to hack a DC but that can work too. No one asked you what type of services, apps, OS version, open ports, etc. exist on the DC and on your workstation. Also, do you have access to debugging, compilers, etc.? Hell, I have shell code that fits into 37 bytes. If nothing else you could probably sniff enough info on the wire to get you in eventually. What other platforms, if any, are authenticating on the domain? Details man, details. Not every hack has a script kiddie solution but everything can be hacked......eventually.

Tell me what you have on the DC and I may be able to give you some options.

I do however agree that these guys are right and it's probably not worth risking your job over. Do you just want to install drivers or something simple, or do you need particular access to services and files that require a higher token? Drivers can be installed if you just disco from the network and use the local admin account.

k3nNyG

I have a local admin account (that I created). I'll give you an NMap log of the DC tomorrow. Would that help?

Panarchy

PS: Will be ending all my posts with Panarchy, instead of USBHacker from now on.



A list of running processes on the host would be helpful too.

k3nNyG


k so if you wanna elevate yourself to SYSTEM priv. use the at command from the command line.

so open a command prompt. at the command prompt type at then hit enter. this may or may not work depending on the windows installation. if you're able to use the at command then go ahead and type

at xx:xx /interactive "cmd.exe" (the xx:xx symbolizes the time. you need to pick a time in the future, usually 1-2 min should be fine, in military time). after it reaches the time you set then a new cmd window should automatically open, except this one will have system privileges. now kill explorer.exe from the task manager, then you should be able to restart explorer with the system cmd shell by typing explorer.exe and voila. you are now system priv and shouldn't be denied access to any files folders etc etc. hope that makes sense

Tried that... got an error: The System cannot find the drive specified.

_________________________

Hello

Attached is a screenshot of running processes.

DC info will be around shortly.

Panarchy

EDIT: Can't tell you my username, soz!

EDIT2: Sorry, can't get DC info till tomorrow. Please tell me what I can/should do with the current info I have just posted.

post-8263-1225085000_thumb.jpg
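
A defender-side view of the at /interactive behaviour discussed above, as an added example that is not from any poster in this thread: it scans process-creation records for an at.exe job scheduled with /interactive, a cmd.exe running as SYSTEM shortly afterwards on the same host, and explorer.exe running as SYSTEM. The record field names, the five-minute window and the sample records are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

INTERACTIVE = re.compile(r"(?:^|\s)/interactive\b", re.IGNORECASE)
SYSTEM = "nt authority\\system"
WINDOW = timedelta(minutes=5)  # assumption: the job fires within minutes of being scheduled

def image_name(path):
    """Lower-cased file name from a quoted or unquoted Windows path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def detect(events):
    """Return (time, host, finding) tuples for the behaviour described in the thread."""
    findings, last_job = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        image, host = image_name(ev["image"]), ev["host"]
        as_system = ev["user"].lower() == SYSTEM
        if image == "at.exe" and INTERACTIVE.search(ev["command_line"]):
            last_job[host] = ev["time"]          # remember when a job was scheduled
            findings.append((ev["time"], host, "at-interactive-job"))
        elif image == "cmd.exe" and as_system:
            # SYSTEM shells are common; only flag one that follows an at job on this host
            job = last_job.get(host)
            if job is not None and ev["time"] - job <= WINDOW:
                findings.append((ev["time"], host, "system-shell-after-at-job"))
        elif image == "explorer.exe" and as_system:
            # the desktop shell normally runs as the logged-on user, never as SYSTEM
            findings.append((ev["time"], host, "explorer-as-system"))
    return findings

def _ev(ts, host, user, image, cmd):
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
            "image": image, "command_line": cmd}

# Constructed sample records (hypothetical hosts and users, not from the thread)
SAMPLE = [
    _ev("2008-10-27T10:00:00", "WS01", "WS01\\localadmin", r"C:\WINDOWS\system32\at.exe", "at 10:02 /interactive cmd.exe"),
    _ev("2008-10-27T10:02:00", "WS01", "NT AUTHORITY\\SYSTEM", r"C:\WINDOWS\system32\cmd.exe", "cmd.exe"),
    _ev("2008-10-27T10:03:10", "WS01", "NT AUTHORITY\\SYSTEM", r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    _ev("2008-10-27T10:04:00", "WS02", "NT AUTHORITY\\SYSTEM", r"C:\WINDOWS\system32\cmd.exe", "cmd.exe /c backup.cmd"),
    _ev("2008-10-27T10:05:00", "WS02", "WS02\\alice", r"C:\WINDOWS\system32\at.exe", "at"),
]

if __name__ == "__main__":
    for when, host, finding in detect(SAMPLE):
        print(when.isoformat(), host, finding)
```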


At PhreakNIC a guy did a presentation on using the haksaw for first responder purposes. If you could get his payload and post that log file it would make this soo much easier. Since the tools are mostly Sysinternals and are not used maliciously, virus protection probably will not pick them up.
