Factbites
 Where results make sense

Topic: GetAdmin


  
  Encyclopedia article: GetAdmin   (Site not responding. Last check: 2007-10-20)
A computer security utility going by the name GetAdmin was released in early July, 1997.
The utility exploited a flaw in the Microsoft Windows NT 4 operating system in order to escalate privileges of an arbitrary specified account.
GetAdmin will no longer work on newer versions of Windows operating systems, and patches have been made available for NT4.
www.absoluteastronomy.com /encyclopedia/g/ge/getadmin1.htm   (86 words)

  
 [No title]   (Site not responding. Last check: 2007-10-20)
Below is an account of the testing of this: When I ran getadmin.exe on NT 4 Workstation (SP1) a memory error occurred in winlogon.exe.
As to why getadmin was failing after SP3 was installed I can't be quite sure.
This could obviously be refined....spoolss.exe and winlogon.exe being the likely candidates to be targeted for causing memory problems...all that you need is either a way to get a service to crash or to write a util that will do it for you.
packetstormsecurity.nl /Exploit_Code_Archive/get-admin-NT.txt   (371 words)

  
 [No title]   (Site not responding. Last check: 2007-10-20)
The only way to use GetAdmin to modify a domain account database is to log on to a primary domain controller and run the utility locally on the PDC.
GetAdmin abuses this to set bit 0 of the byte at address NtGlobalFlag + 2.
GetAdmin is traversing the list of exports in NTOSKRNL.EXE until it hits the 'NtGlobalFlag' entry.
p.ulh.as /xploitsdb/NT/getadmin.html   (1050 words)

  
 nt-part2_59
GetAdmin abuses this to set bit 0 of the byte at address NtGlo-
GetAdmin is traversing the list of exports in NTOSKRNL.EXE until it
• GetAdmin opens the Winlogon process and adds a suspended thread to it.
www.blacksheepnetworks.com /security/info/nt/analysis/nt-part2_59.html   (465 words)

  
 [No title]
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM Subject: Default permissions on Registry key creates a getadmin hole Summary: There is an interesting hole opened up in the winlogon registry key on NT 4 that allows elevation of privileges to both local and global Administrator level.
Hence, this isn't the same as a getadmin hole that enables an unprivileged user to become administrator -- a server operator is already very privileged.
Nonetheless it is always useful to be reminded to go back and check our installations to make sure that their permission settings are up to snuff.
www.phreak.org /archives/security/windows/GetadmforSops.txt   (602 words)

  
 [No title]   (Site not responding. Last check: 2007-10-20)
By altering where the output can be written to, GetAdmin adds a user to the Administrators group.
The easiest way to use it is to simply copy it to \TEMP (along with its DLL, GASYS.DLL) and run it like so: GETADMIN GUEST (or whatever account you wish to add).
GetAdmin will add domain accounts on a primary domain controller and even other domain accounts.
users.erinet.com /1992/NTSecFaq/ntsec04.html   (579 words)

  
 GetAdmin - Wikipedia, the free encyclopedia
The utility exploited a flaw in the Microsoft Windows NT 4 operating system in order to escalate privileges of an arbitrary specified account.
This page was last modified 05:07, 20 December 2005.
en.wikipedia.org /wiki/GetAdmin   (94 words)

  
 kbAlertz: A utility, Getadmin.exe, is being circulated on the Internet that grants normal users administrative rights ...
In the specific case of GetAdmin, it attaches to the WinLogon process, which is running in the system's security context, and makes standard API calls that add the specified user to the administrators group.
It is important to note that any account which has been granted the rights to "Debug Programs" will always be able to run Getadmin.exe successfully, even after the application of the hotfix.
A fix to the Windows NT Kernel routine, which was being used to set the global flag, has been developed by Microsoft.
www.kbalertz.com /Q146965/GetAdmin.Utility.Grants.Users.Administrative.Rights.aspx   (856 words)

  
 find getadmin serials | cracks | hacking | warez at www.darktoolbox.com   (Site not responding. Last check: 2007-10-20)
GetAdmin NT exploit Windows NT 4.0 Exploit: Allows intruders to become...
All you need to do to test this exploit is log onto your...
getadmin exploit Description: Someone posted this executable to several...
www.darktoolbox.com /getadmin.html   (192 words)

  
 find getad serials | cracks | hacking | warez at www.darktoolbox.com   (Site not responding. Last check: 2007-10-20)
GetAdmin will add domain accounts on a primary...
...a hotfix for the "getadmin" exploit, located at:...
...'getadmin' exploit, go to: http://www.ntsecurity.net and search for...
www.darktoolbox.com /getad.html   (235 words)

  
 Technical Reference: Communications, Volume 2 - getadmin Utility   (Site not responding. Last check: 2007-10-20)
The getadmin utility returns a pointer to the module identified by the mid parameter.
On successful completion, the getadmin utility returns a pointer to the specified module.
This utility is part of STREAMS Kernel Extensions.
www.ncsa.uiuc.edu /UserInfo/Resources/Hardware/IBMp690/IBM/usr/share/man/info/en_US/a_doc_lib/libs/commtrf2/getadmin.htm   (61 words)

  
 Gaining Administrator Access on NT   (Site not responding. Last check: 2007-10-20)
We were able to add users from another domain into the Administrators group of the local machine.
Hopefully someone will be able to fill in the gaps so that together we'll get the whole picture of what GetAdmin really does.
And be sure to read the README file and KB article as well.
windowsitpro.com /Articles/Index.cfm?ArticleID=9231&DisplayTab=Article   (1492 words)

  
 MS posts GetAdmin fix for NT | CNET News.com
The tool, called GetAdmin, only works on Windows NT 4.0 machines and does not affect previous versions of the popular operating system.
In the aftermath of the initial fix being posted, several emails were sent to CNET's NEWS.COM indicating that the patch does not completely fix the problem.
A Web site dedicated to Windows NT security issues also warns readers that GetAdmin can still work with the fix in place.
news.com.com /2100-1001-201293.html   (815 words)

  
 The Hack FAQ: NT Client Attacks
Since it is a command line tool, it will work across a telnet session if you've uploaded it to the target.
Crash4 rearranges a few things on the stack to allow GetAdmin to work.
The easiest way is to run GetAdmin as mentioned above, but here is an older trick for basic NT 3.51, which has some stuff read/writeable by default.
www.nmrc.org /pub/faq/hackfaq/hackfaq-15.html   (2737 words)

  
 BugNet Alert (GetAdmin Security Hole in NT 4.0)   (Site not responding. Last check: 2007-10-20)
GetAdmin allows users with log-in rights to a system to exploit a bug in Windows NT -- including the latest Service Pack for NT -- and add themselves to the local administrator's group account, giving them access to another user's e-mail, documents, etc.
The creator of GetAdmin, a student named Konstantin Sobolev, recently posted the program to the world wide web at
Sobolev noted that the only way to prevent the attack would be for Microsoft to "patch ntoskernel and replace function NtAddAtom so it checks for valid address."
www.bugnet.com /alerts/bugalert_79.html   (147 words)

  
 BLU: Getadmin.exe Causes a STOP 0xC000021A (171777)   (Site not responding. Last check: 2007-10-20)
After you apply the post-Service Pack 3 Getadmin hotfix and run Getadmin.exe, a blue screen STOP 0xC000021A error message is displayed.
Reapply the Getadmin hotfix while the anti-virus is disabled or uninstalled.
For additional information about the Getadmin utility and the available hotfix, please see the following article in the Microsoft Knowledge Base:
www.it-faq.pl /mskb/171/777.HTM   (162 words)

  
 GetAdmin source code.   (Site not responding. Last check: 2007-10-20)
Simply run GetAdmin or GetAdmin account_name from the command line.
Here’s string that has done all in getadmin: ChangeNtGlobalFlag(GetNtGlobalFlagPtr()); After that you can open any process in the system, because function NtOpenProcess does not check for a SE_DEBUG_PRIVILEGE when bit in NtGlobalFlag+2 is set.
You can remove all access from ntoskernel but it's possible to take into account in the fixed address of the NtGlobalFlag in the GetAdmin program.
cmp.phys.msu.su:8000 /ntclub/pub/code.htm   (285 words)

  
 [NTSEC] Getadmin   (Site not responding. Last check: 2007-10-20)
Here's yet another question about getadmin : Is it possible to run the getadmin.exe in windows 95 and get it to work properly if the NT dll's it needs were copied into the c:\windows\system directory?
If so, is there a patch available that will allow me to protect myself against this attack?
How open to attack will this leave me. (I am planning to disable logons from administrator, setup, etc. Just bog standard users will have access to logon.
www.hum.aau.dk /~magnus/MHonArc/NTSEC/msg02600.html   (123 words)

  
 [No title]   (Site not responding. Last check: 2007-10-20)
Here's string that done all in getadmin: ChangeNtGlobalFlag(GetNtGlobalFlagPtr()); After that you can open any process in system, because function NtOpenProcess does not check for SE_DEBUG_PRIVILEGE if bit in NtGlobalFlag+2 is set. After it, program injects dll in winlogon process.
You can remove all access from ntoskernel but it is possible to enter fixed address of NtGlobalFlag in getadmin.
And there exist other ways to get administrator rights if you can write to kernel memory.
packetstormsecurity.nl /advisories/mci/iMCISE:IMCIISS:071097:01:P1R1   (271 words)

  
 The ever popular getadmin exploit
However, after a few hours of work, I was able to create a new exploit which also works with this patch Microsoft just released.
My program will simply change the byte of NtGlobalFlag to the DEBUG value, so you can run GetAdmin (which after the fix is not working anymore).
Since compiling the source is very difficult, the compiled binary is available at http://www.gecad.ro/~craiu/cr4.exe This program was tested on 2 Windows NT patched machines, and worked ok.
www.insecure.org /sploits/NT.get-admin.kernal.hole.html   (1098 words)

  
 GetAdmin
Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.
GetAdmin: at least 33 KB Detection and Removal
Follow these steps to remove GetAdmin from your machine.
www.pestpatrol.com /pest_info/Stomp/g/getadmin.asp   (214 words)

  
 CVE-1999-0496   (Site not responding. Last check: 2007-10-20)
It was reviewed and accepted by the CVE Editorial Board before it was added to CVE.
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
Note: References are provided for the convenience of the reader to help distinguish between CVE entries.
cve.mitre.org /cgi-bin/cvename.cgi?name=1999-0496   (86 words)

  
 underground security systems research
Logon "downgrade" attack to force a plaintext password.
Crash4, run before GetAdmin if the GetAdmin Hot Fix is loaded.
Fake SMB server that tries a dialect downgrade to get plaintext passwords from remote users.
www.ussrback.com /NT/hack   (323 words)

  
 DGLInfo: GetAdmin Fix for Windows NT 4.0   (Site not responding. Last check: 2007-10-20)
Microsoft posted a fix to thwart the efforts of hackers using a tool to gain administrative privileges to a local Windows NT machine for which they have been granted only user privileges.
The hackers' tool, GetAdmin, only works on Windows NT 4.0 machines.
Windows NT has been subject to increasingly frequent attacks from hackers looking to poke holes in the popular platform.
dgl.com /dglinfo/1997/dg970709.html   (151 words)

  
 The Guides to (mostly) Harmless Hacking   (Site not responding. Last check: 2007-10-20)
The Microsoft site has a hotfix for the "getadmin" exploit, located
For more information on the 'getadmin' exploit, go to:
Another local exploit similar to the "getadmin" exploit has popped up.
happyhacker.org /gtmhh/vol3no10.shtml   (1204 words)

  
 GetAdmin   (Site not responding. Last check: 2007-10-20)
After that I went on the web to search for the way it was done.
To do this I visited the Hakerz hideout and checked the archives, finding the program GetAdmin; it allowed a normal user to grant themselves admin access to a computer running NT 4.0.
So long as it did not have service pack 4 installed which contained the fix it would work.
www.serverwatch.com /tutorials/article.php/1491581   (687 words)

  
 AntiOnline Forums Archive   (Site not responding. Last check: 2007-10-20)
simply type getadmin aor getadmin and enjoy
This exploit by exploiting existing Windows NT services, an application can locate a certain
but the most easiest way is getadmin...
www.antionline.com /history/topic.php/245516-1.html   (413 words)

  
 Getadmin
Says it a hacktool when you scan but pretty sure it just norton warning
Sep 2 2003, 04:26 PM does getadmin work with a iismedia hack and where do i type this in in dos or in remote and what do i exactly type thnx
Sep 11 2003, 12:51 AM getadmin i think is only for local privilege escalation...
www.governmentsecurity.org /archive/t1747.html   (428 words)

  
 [No title]   (Site not responding. Last check: 2007-10-20)
-------------------------------- To: BUGTRAQ@NETSPACE.ORG Subject: GetAdmin Hotfix From: Mark Joseph Edwards
Date: Tue, 8 Jul 1997 17:16:20 -0500 Here's the KB article for GetAdmin from MS.
This utility can be run from any user context except Guest and grants a local user account administrative rights.
web.telia.com /~u34002171/hhd/1997/hhdjul8.txt   (1730 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.