Full Version: Get An Admin Shell With The Media Hack ?
Anyone know how you get an admin shell with the media hack.. I'm currently exploiting my scans with asd.exe but that one only creates a normal shell so I can't create a user or start/stop a service.. I think it MUST be possible to get an admin shell so you can do everything but I can't find the right tools for it.. help help help ... tnx in advance
I've heard you can .. but with some kinda admindll. There was a tutorial for it a while back but I can't seem to find it again. It's possible to get a shell with admin rights, I know for sure.
a couple days ago I've seen a shell on port #34817 and that shell has admin rights, when you connect to it, it starts in a temp folder from a user or windows temp itself.. don't know that anymore... but my shell was on port 34816 and that admin on 34817 so it's possible yes, but how
nobody that knows it?
has something to do with that admin.dll crap
what exploit are you guys using... some sploits give you a shell in the context of the currently signed on user.. and some give you NT_AUTHORITY/SYSTEM permissions.. so depending on the exploit you gotta figure it out.. or tftp yourself some privilege escalation tools. i started to write a paper on things to do from a NT shell, it's not finished yet but it should give u some pointers... http://illmob.org/rootNT.html
damn, I exploited two boxes, but the permission is not enough to add a user...damn
what do you need an admin account for? you can start serv-u and others with a regular account
u mean admdll.dll?
You could try putting something like
on the box to escalate your privileges. But from what I've found, when you get a shell with the Media exploit it will only give you the context of nsiislog.dll, which is lower than IUSR_host.
but ... hmmm - there must be some possibility to get admin accs - i tried a lot, but nothing works ;(
most servers u cannot write in most folders ! but i think c:\temp or c:\winnt\temp is working fine ! u can execute and remove files in there
we don't want that, we want full axx, we want to start a service, stop a service, make a user etc etc, the full rights
iiscrack works on NT machines that are lower than win2k sp2, it includes nt 4, but the media bug is in the sp4 or in a hotfix update. i've seen a win2k sp2 with media but not lower versions, and iiscrack works on some sp2's....
use a local exploit, like the one for named pipes.
Can you start a batch file as a service?
what's the difference???
you can't add any service
The shell type you get all depends on the admin in front of the computer and the way that the comp itself is set up .. not on the exploit nor the port. You'll hit very few, but you will hit the odd Admin account where you can start / stop services. Best thing I could suggest is use tlist.exe, the Microsoft version seems to work better than a generic, runs under the guest accounts easier, and kill what processes yah want. Instead of installing the services using firedaemon etc .. take a snapshot of your reg entries, then install the service on your comp (serv-u etc), then edit those entries to a .reg. Start your FTP as per normal, then execute the .reg. Won't usually add through the shell but will on FTP.
OFF TOPIC
404!!! hey *.*.*.43 , coming from http://forums.governmentsecurity.org/index...st=0entry6589 The file illmob.org/rootNT.html isn't here because i'm too lazy to fix it.. hey looks its your browser and ip !!! i r leet hax0r *.*.*.43 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) PING! Im Shaking
yes really cool :
but the HTTP banner is really easy to change ...