Re: GetAd.exe testing

From: Fort _ (
Date: 10/21/02

Date: 21 Oct 2002 13:39:53 -0000
From: Fort _ <>

('binary' encoding is not supported, stored as-is) In-Reply-To: <>

>Downloaded this:
>Security Advisory, Exploit Source and Compiled Binary:
>Ran it as a user on a W2K server that had perms set on the cmd.exe to
Admins and System only....didn't work.
>The exploit does run correctly on a default install of W2K.
>Can anyone else confirm this. It'd be nice if seting perms on one file
would nullify this .exe

Just tested it on Win2k PRO SP2, set cmd.exe to admin and system only,
logged in as guest, tried to run the exploit and it won't work.

teh only problem i can see with this is if you use logon scripts and such,
or you require cmd.exe for other reasons.

So yeah, your way does work :)