Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Thor (Hammer of God) (thorhammerofgod.com)
Date: Thu Nov 22 2007 - 11:46:01 CST
You've got to be WAY more specific. Do you really mean NT? As in
"NT?" What do you mean "Registry and BIOS are disabled?" Exactly how
have they disabled the USB, CD and floppy? When you say "the other
option is to access other domains thru this one," what does that mean?
And what is your goal- just to get local admin? If all the processing
is "online and nothing is stored locally" what difference does it make
if you get admin and enable USB? There are a million ways to "get
admin" on an NT box, or any box for that matter if you're sitting in
front of it.
There are many people on this list who can help, but if you want to get
any value out of a post, you've got to be clear about what you want.
All that being said, the first thing I would suggest is to hire a
professional pen-tester unless you are just doing this for fun.
> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of sisram2gmail.com
> Sent: Thursday, November 22, 2007 5:32 AM
> To: focus-mssecurityfocus.com
> Subject: Windows NT Desktop
> Hi All,
> I was wandering if anyone could help me with the following
> There are couple of PC's (Windows NT) which are part of a domain (say
> XYZ). For the users of this domain the USB, CD drive etc. are
> The commond prompt , RUN option, Regestiry and BIOS is also disabled.
> Also the admin has done the hardening at desktop level and not at
> domain level
> The PC's have access to an application on remote server via html
> All the processing is done online and nothing is stored locally
> Objective and ethical test that needs to be done
> I want to get local admin rights or somehow change the privilge levels
> to enable USB or Floppy drive. The other option is if I could access
> other domains thru this one.
> It would be nice if someone could suggest a methodology or approach