What is the point adding a user without administrator privileges
Exploit help.
Hi guys, I was looking arround in the exploit database and I found a pretty nice one called "IE wshom.ocx (Run) ActiveX Remote Code Execution (add admin user)" so I decided to test it on my VirtualBox (who has Windows XP sp2, no update, no protection) so I tried spoofing my VirtualBox's IP to my apache server with a site that contained the exploit, ActiveX box pops up, I click on run but when I check "net user" in cmd I only see Administrator user.
I've tried to only add a user without Administrator privileges, just a normal one, didn't work.
Can anyone please help me :-?
Re: Exploit help.
What is the point adding a user without administrator privileges
Re: Exploit help.
I tought that windows didn't allow administrators to be added like that, so I figured I should try to add a normal user just to see if it works. It didn't, I tested the exact command as in the exploit code and if I type that in cmd it works, so I just don't get it ...Originally Posted by muminrz
Posting Permissions