> Question: How can someone bypass restrictions in Win2k > to install software when he doesn?t have proper > privileges?
Privilege escalation is pretty trivial these days...assuming that the user doesn't already have local admin privileges on the system. Not too long ago, a worm used the privilege escalation EXE from DebPloit to gain admin privileges on a system...if a worm can do it, it can't be too hard. Also, there's a Linux bootdisk available that allows the user to change any password on the system w/o knowing it ahead of time. While books like "Hacking Exposed" have a lot of good information in them, they also don't focus specifically on the types of things you're asking about. After all, how would someone hack your workstation using a web server hack, if you're not running a web server? > Reason for asking question: If someone can install > Kazaa, someone can also install a keyreader or something > like that. Yeah, that's always possible...but it's not really your concern. You're a user, so it's evident that you're talking about a corporate envirnment of some kind. Since you're not asking as an admin...what are you worried about? That someone will get on the network and do something using your account? Do you feel as if you're being targetted specifically? If something does happen, then the admins should be able to very easily exonerate you, if you didn't in fact do...whatever. If not, that's what wrongful termination suits are for. > Maybe I am paranoid, but everytime I login, maybe I am > telling someone - hey, this is my passwrd. A little paranoia is a good thing, but since you're a user, it really isn't your concern. After all, if your company has policies against such things as users installing software, then that's an HR/management issue. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com