On Fri, 6 Jul 2001, Matt Andreko wrote: > I normally do not do pen tests on the win2k operating system. However I am > doing one at the moment. I have successfully got Administrator privelages, > but only at a pseudo-dos-prompt... Is there anything i can do to get > graphical abillities, since windows is basically useless without just > graphics. I have used the "net user" command to create a new user, and > added it to the Administrators group, but I do not have physical access to > this machine. > > Any help would be appreciated. Depends on what you want to do. If you insist on having a GUI, and you are not concerned about stealth, you could use the "pseudo-dos-prompt" to grab VNC from one of your machines, install and run as a service. That's not exactly the stealth approach...but it will get you a GUI. Like I say, it just depends on what your goals are. Personally, I think you've gone far enough. At this point I'd tell the client that you have access (however rudimentary) and offer to help tighten up the box on site. Then you'll be able to audit the system more thoroughly. -- Jonathan Rickman X Corps Security http://www.xcorps.net -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 13:08:32 PDT