Brute Force Gain Administrative Rights

By mzy

Hi, I've a recent case:
- Win XP Professional, users log in to the computer (not the network)
- all user accounts are power users (except administrator's account)
- BIOS locked out. Administrative tools usage, many security folders within "C:\Windows\" have been denied write-access to everyone except admin users

Despite such changes, a Power User was tracked to have brute force upgraded himself to an admin. The right to upgrade themselves is not given to power users.

I am puzzled as to how this can be done, so whoever can give me specific instructions how this can be done (verified by testing on the com itself) will get the points. Thank you. More info available on request.

This conversation is currently closed to new comments.

by tumtum73 In reply to Brute Force Gain Administ ...

If multiple users log on to the workstation, any of the Power Users could own the system easily. You see, Power Users access gives the user access to install programs. Anyone could load a keystroke logger and capture the Administrator's password whenever he logs in, without him even knowing it. Then, at his convenience, the Power User logs in normally, checks the log, logs in as the Admin using his recently captured password, and upgrades his account. Done.

This is just an assumption; you might want to turn on auditing on that system to try to determine what is being done to that system.

Steve

by mzy In reply to

Thank you, if you have more ideas can you please answer again? I have turned on auditing, no programs were installed by the user. If it helps, he also gained write-access to boot.ini (originally no-access by power users), the only file he tried to edit (and successful..).

by mikex In reply to Brute Force Gain Administ ...

Strong suggestion - talk with the user and leave him with administrative rights + all of the responsibilities going with them. Otherwise - the more you're restricting, the more puzzled you'll be. And don't forget to post the results please...

by mzy In reply to

Not possible. Taking a very big risk here if I do that. With real admin rights he would wreak havoc in the place. Tried that long ago too, btw, and tested true..

by aseem_kumar_2001 In reply to Brute Force Gain Administ ...

Which other OS do you have on your PC?
Maybe he got the SAM file broken.

by mzy In reply to

No other OS. He does not know about SAM.

No viable answers here.. Shall close the case then. Thanks for answering.

by mzy In reply to Brute Force Gain Administ ...

This question was closed by the author
