Re: [Full-disclosure] elevating privileges from Admin to SYSTEM

Dear NULL,

from Administrator to SYSTEM level

- Task sheduler
at xx:xx cmd.exe
- CreateRemoteThread & LoadLibrary Thread injection (lsass etc.)
- The CreateRemoteThread & WriteProcessMemory Technique (lsass etc.)
- CreateRemoteProcess() Process injection (lsass etc.)
- Drivers/services creating windows (handles)....
- Drivers/services opening a "Can't find help file" when sending F1 keypress to
the windows it's supposed not to create, then browing to cmd.exe and
right clicking open..
- Driver/services calling c:\program files\whatever.exe without quotes
*wink wink* had to put that one here.

Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -