Re: priviledge escalation techniques
From: lists (lists_at_innocence-lost.net)
Date: 01/17/05
- Previous message: Rogan Dawes: "Re: DoS/DDoS Attack"
- In reply to: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
- Next in thread: jnf: "Re: priviledge escalation techniques"
Date: Mon, 17 Jan 2005 12:19:40 -0700 (MST)
To: miguel.dilaj@pharma.novartis.com
> 3) the one I've chosen, similar to (1) above. I've XP with the
> Accessibility Tools installed by default. They monitor some keys, and if
> for example you press SHIFT 5 times a popup appears where you can activate
> and configure the accessibility tools. The program responsible for that is
> sethc.exe, and the guys at Micro$oft commit the cardinal mistake of not
> making IT check if SHIFT was pressed 5 times, but to include that in some
> other part of the OS (kernel? ;-)
> So if you press SHIFT 5 times, sethc.exe is executed, but doesn't matter
> WHAT IS sethc.exe
> You guess that, I replaced sethc.exe by a copy of cmd.exe
> If I press that BEFORE login, a CLI as SYSTEM is started, I can launch
> compmgmt.msc and add myself to the local administrators group (please note
> that if you start it AFTER login, a CLI is started as your user).

How do you suppose one gets write access to sethc.exe without admin privs
in the first place? I cannot overwrite my sethc.exe, nor can I change the
system Path variables, and it gets prepended to my path before user
variables do. Are you sure you didn't test this while logged in as an
admin?
jnf
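
The two points in this exchange (an accessibility binary replaced by a copy of cmd.exe, and who can write to that binary at all) can be audited from the defender's side. The script below is an added example, not code from either poster; it assumes a current Windows host with PowerShell 5.1 or later rather than the XP system in the thread, and the list of binaries, the variable names and the set of principals treated as expected writers are assumptions.

```powershell
# Added example: audit accessibility binaries that can be launched from the logon screen.
# The target list and the "trusted" principals are assumptions, not taken from the thread.
$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe'
$shells  = 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe'

# SHA-256 of each shell, so a straight copy over a target is recognised.
$shellHashes = @{}
foreach ($s in $shells) {
    $p = Join-Path $sys32 $s
    if (Test-Path -LiteralPath $p) {
        $shellHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $s
    }
}

# Rights that allow replacing or re-permissioning the file,
# plus the raw GENERIC_ALL / GENERIC_WRITE bits (0x10000000, 0x40000000).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

# SYSTEM, BUILTIN\Administrators and NT SERVICE\TrustedInstaller, compared by SID.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

$report = foreach ($t in $targets) {
    $path = Join-Path $sys32 $t
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    # Allow ACEs that grant write-type rights to anyone outside the trusted set.
    $writers = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    } | ForEach-Object {
        try   { $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $_.IdentityReference.Value }   # unresolvable account: report it as written
        if ($trusted -notcontains $sid) { $_.IdentityReference.Value }
    }
    [pscustomobject]@{
        File            = $t
        MatchesShell    = $shellHashes[$hash]   # empty unless the file is byte-identical to a shell
        OriginalName    = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename
        UnexpectedWrite = @($writers) -join '; '
    }
}
$report | Format-Table -AutoSize
```

A non-empty MatchesShell, or an OriginalName that names a different program than the file, indicates the replacement described in the quoted text; a non-empty UnexpectedWrite shows a principal that could perform it without administrator rights. OriginalName may carry a `.MUI` suffix on some builds.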