-
March 3rd, 2005, 01:16 AM
#11
Originally posted here by slinky2004
well, i'm positive that the student accounts aren't supposed to have those privileges. they aren't like administrator privs like the school network admins would have, they just have the privileges to do whatever they want on that machine locally. they can read/write anywhere, run regedit, change the background, install things, etc. i know that there isn't any way that they got these privs legitimately either.
Actually, there's a very good chance they got those legitimately. Users at my school have the same rights, although they aren't admin accounts. Chances are you have another lazy admin.
It is better to die on your feet than to live on your knees.
-
March 3rd, 2005, 03:43 AM
#12
It is a pretty good chance they got it legitimately, admins give a certain amount of computer savvy and trustworthy students higher privileges to help the admin do certain stuff like install patches for certain software on certain machines, and in return the students get volunteer credits...
-
March 3rd, 2005, 05:04 AM
#13
Senior Member
actually, all of the accounts belonged to freshmen, so either the admin hasn't locked the freshmen's accts up or some of the freshmen got together and hacked the computers they were on. i guess there's an equal chance of both.
-
March 3rd, 2005, 05:22 AM
#14
Junior Member
If they didn't get admin privileges from the admin then they probably just went to cmd and typed in:
at /00:00 /i taskmgr (fill in 00:00 with a time coming up soon)
once taskmgr opened, killed explorer and opened another with system privileges for that machine
I believe White Scorpion was first to point out this privilege escalation method.
As for what to do about it, you could try just talking to the admin, they may not even believe you or they may freak out, but if they didn't give them admin they will definitely want to know about it.
-
March 3rd, 2005, 05:50 AM
#15
It really doesn't matter how the admin privs got there. What really matters is that you changed the password and kept the admin capable account for yourself... right? lol jk...
-
March 3rd, 2005, 03:46 PM
#16
Admin Access
I have local admin access to every PC. I help out around the school with tech issues. There are two ways I think they could have done it.
1) If you logon as local administrator, you can add domain users to the local admin group (assuming the domain didn't disable that, ours did).
or:
2) On that PC, they created a new user with their name and gave themselves admin privileges. They used their name because the username shows on the XP start menu and they wouldn't want a faculty member noticing...either way, they got the local admin accounts.
They could have gotten local admin accounts by being a Tech Team member or something...or they took the SAM files home and cracked them with L0phtCrack (http://www.atstake.com/products/lc/) or Cain 2.0 (www.oxid.it).
There is a nice SAM editor I have. You can change the admin password, and create accounts..all via a Linux bootdisk with a command prompt.
Hope this helps.
A_T
PS - Why do anything about it? Blackmail the little bastards into giving you the password.
Geek isn't just a four-letter word; it's a six-figure income.
-
March 3rd, 2005, 10:08 PM
#17
Senior Member
yeah, i guess they could have cracked it that way, but it's starting to seem a lot more likely that the admin forgot to lock the comps for the new freshmen accounts, lol.
PS - Why do anything about it? Blackmail the little bastards into giving you the password.
Cuz I wear teh white hat
-
March 4th, 2005, 02:54 PM
#18
Senior Member
It is a pretty good chance they got it legitimately, admins give a certain amount of computer savvy and trustworthy students higher privileges to help the admin do certain stuff like install patches for certain software on certain machines, and in return the students get volunteer credits...
*raises hand* guilty.
Really, just say 'mr. admin, why did i find accounts with admin privileges that students were using?' It may be legitimate, but ask, just to be sure.
I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
-The Monarch.
-
March 4th, 2005, 03:42 PM
#19
Two other possibilities:
1. There is some app on those computers that needs admin level access to run (or the admin is too lazy to figure out the correct minimal file permissions).
2. They used a Linux or PE Builder boot disk and changed the administrator password, then added their account to the local admins group:
net localgroup administrators myaccount /add
3. If they just copied off the SAM and SYSTEM file and cracked it using SAMInside and L0phtcrack they could find out the admin password on one computer, and set themselves up to be admins on other boxes remotely after connecting to a file share on them as admin (hope that made sense):
at \\Some-school-box 11:51am net localgroup administrators myaccount /add
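Several posts above end with an account being added to the local Administrators group. The following is an added example, not part of any post in this thread, showing how an admin could check for that by parsing `net localgroup administrators` output collected from each machine and flagging members that are not on an allowlist. The sample output, the host and account names, and the allowlist are constructed, and the parser assumes English-locale output.

```python
import re

# Constructed sample of `net localgroup administrators` output (not from the thread).
SAMPLE = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
SCHOOL\\Domain Admins
SCHOOL\\jdoe09
myaccount
The command completed successfully.
"""

# Assumed site policy: the only principals allowed in local Administrators.
ALLOWED = {"administrator", "school\\domain admins"}


def parse_members(output):
    """Return the member names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{10,}", line):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def unexpected_admins(output, allowed=ALLOWED):
    """Members not on the allowlist; Windows account names are case-insensitive."""
    return [m for m in parse_members(output) if m.lower() not in allowed]


def audit(reports, allowed=ALLOWED):
    """Map hostname -> unexpected members, keeping only hosts that have any."""
    results = {h: unexpected_admins(o, allowed) for h, o in reports.items()}
    return {h: extra for h, extra in results.items() if extra}
```

Calling `audit({"LAB-PC-01": SAMPLE})` reports the two accounts that fall outside the allowlist for that host.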
-
March 4th, 2005, 03:59 PM
#20
If they didn't get admin privileges from the admin then they probably just went to cmd and typed in:
at /00:00 /i taskmgr (fill in 00:00 with a time coming up soon)
once taskmgr opened, killed explorer and opened another with system privileges for that machine
I believe White Scorpion was first to point out this privilege escalation method.
This would only run if the admin is implementing very poor security on the box. If they can run this command, there are many many additional ways to escalate privileges. Allowing end users to perform administrative tasks such as TASKMGR is an absolute no no.
Also. It is hard to say how they got root. It could be as easy as booting the NTpassword crack floppy or it could be more complex such as sniffing NTLM sessions then running l0pht or the like against the collected hashes.
If you ask me, this sounds like piss poor administration is your real issue, not the security incident.
PS
The command won't run as written.
It should be:
C:\AT 00:00 /i taskmgr
The extra "/" will hose up the command.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden