Tuesday, October 11, 2011

psexec and winlogon

Ever since I learned who Paula Januszkiewicz is, I have been impressed by her. Today I watched her presentation from TechEd, and I will try to show some of her tricks :)

The first trick is connected with winlogon: Paula shows that it is possible to get access to an administrator's PC without having their credentials (provided you can already run something as an administrator on it, which is what step 1 below requires). How? By using psexec. It is a tool which, given local administrator rights, lets you run a program under another account, including LocalSystem, and makes many seemingly impossible things real. The tool is written by Mark Russinovich, my personal God of Windows Internals :) So...
1. Download the tool (PsExec is part of the Sysinternals PsTools suite) and open a command prompt with administrator privileges.

Of course you have UAC turned on, so confirm the elevation prompt.


2. Go to the psexec directory and read the help for this great tool (running psexec with no arguments prints it).


3. Enter the following command


You can read about the arguments in the help mentioned above :)

4. Lock the screen in the normal way, e.g. Win+L.

5. When the lock screen is displayed, press ALT+TAB and you get the command prompt. Run explorer.exe and have fun with SYSTEM account privileges :) The prompt is reachable from the lock screen because it was started on the Winlogon (secure) desktop, which is exactly the desktop Windows shows while the session is locked; type whoami in it to confirm you are NT AUTHORITY\SYSTEM. Keep in mind what this means for the machine: while that prompt is alive, the lock screen protects nothing, so anyone who can reach the keyboard has a SYSTEM shell.
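The whole procedure above, scripted in PowerShell as an added example. This is not code from the original post or from Paula's presentation: the screenshots with the real command are not on this page, so the switch combination "-s -i -x -d cmd.exe" is my reconstruction from the PsExec usage text (-s run as LocalSystem, -i interactive, -x show the UI on the Winlogon secure desktop, -d do not wait), and the script assumes psexec.exe is on PATH or passed via -PsExecPath. It checks the step 1 precondition (you must already be elevated), launches the shell, verifies that a cmd.exe owned by SYSTEM exists in an interactive session, and shows the artefact a defender looks for afterwards.

```powershell
<#
  Added example, not the post's own code. Assumptions: psexec.exe on PATH or
  given via -PsExecPath; the switches "-s -i -x -d" are reconstructed from the
  PsExec usage text, not copied from the (missing) screenshot.
  Needs PowerShell 4+ for Get-Process -IncludeUserName.
#>
param(
    [string]$PsExecPath = 'psexec.exe',
    [switch]$Cleanup   # kill SYSTEM cmd.exe instances instead of starting one
)
$ErrorActionPreference = 'Stop'

function Test-Elevated {
    # Step 1 precondition: PsExec uses the rights you already have; it does
    # not grant any. Without local admin there is no trick at all.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SystemShell {
    # The check you want after step 3: a cmd.exe owned by SYSTEM that lives in
    # an interactive session (session 0 is the services session, not a desktop).
    Get-Process -Name cmd -IncludeUserName -ErrorAction SilentlyContinue |
        Where-Object { $_.UserName -eq 'NT AUTHORITY\SYSTEM' -and $_.SessionId -ne 0 }
}

if (-not (Test-Elevated)) {
    throw 'Open the prompt with administrator privileges (confirm the UAC prompt) first.'
}

if ($Cleanup) {
    # Do not leave a SYSTEM shell parked on the secure desktop after the demo.
    $left = @(Get-SystemShell)
    if ($left.Count -eq 0) { Write-Host 'No SYSTEM cmd.exe found.' }
    foreach ($p in $left) {
        Write-Host "Stopping SYSTEM cmd.exe PID $($p.Id) in session $($p.SessionId)"
        Stop-Process -Id $p.Id -Force
    }
    return
}

# Step 3: the psexec command. -accepteula suppresses the licence dialog so the
# call returns; with -d PsExec's exit code is the PID of the process it started.
& $PsExecPath -accepteula -s -i -x -d cmd.exe
$newPid = $LASTEXITCODE
Start-Sleep -Seconds 2

$shells = @(Get-SystemShell)
if ($shells.Count -eq 0) {
    Write-Warning "No SYSTEM cmd.exe appeared (PsExec reported PID $newPid); check its output above."
} else {
    foreach ($p in $shells) {
        Write-Host ("SYSTEM cmd.exe PID {0} in session {1}" -f $p.Id, $p.SessionId)
    }
    Write-Host 'Steps 4 and 5: lock the screen (Win+L), then press ALT+TAB to reach the prompt.'
}

# What a defender sees: PsExec installs its helper service, which the Service
# Control Manager logs in the System log as event 7045 naming PSEXESVC.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'PSEXESVC' } |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell, and run it again with -Cleanup when you are done so the SYSTEM shell does not outlive the demo. The post was written against the Windows of 2011; later versions reworked the lock screen, so whether ALT+TAB still surfaces a window from the Winlogon desktop is something to verify on your own build rather than assume.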



