Re: priviledge escalation techniques

• Previous message: lists: "Re: priviledge escalation techniques"
• In reply to: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Next in thread: John Cobb: "RE: priviledge escalation techniques"
• Reply: John Cobb: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 17 Jan 2005 12:45:05 -0700 (MST)
To: miguel.dilaj@pharma.novartis.com

> and the guys at Micro$oft comit the cardinal mistake of not
> making IT check if SHIFT was pressed 5 times, but to include that in some
> other part of the OS (kernel? ;-)

And while I sit here eating lunch it occured to me how silly of a
statement that was- consider which is more of an acceptible risk-

scenario 1) sethc.exe is run as a normal user, or rather as the user
logged in- it does not run with any special capabilities, the keyboard
driver or whatever intercepts and detects shift pressed 5 times, or held
for X seconds- however
IF someone managed to override your DAC's/file permissions then they can
overwrite the program, however if this occurs- the game is already up
because you had a more critical flaw some place else, and that is really
the way that you lost control.

scenario 2) sethc.exe is always running and monitoring keystrokes looking
for any sequence of keystrokes that it recognizes, in order to do this
either any user has to be able to 'sniff keystrokes', OR, it has to run
with special access allowing the window for abuse to grow bigger- in
addition to this the kernel has to take extra steps in order to pass every
keystroke to userspace, which is going to degrade performance. So here,
the simple program is now running with elevated status and becomes a huge
potential for abuse.

From a perspective of security, which is a better design? scenario 2 is
basically what you are suggesting. I love IT Security as well, but its not
nearly as humorous as It Security 'Professionals'

cheers,
jnf

• Previous message: lists: "Re: priviledge escalation techniques"
• In reply to: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Next in thread: John Cobb: "RE: priviledge escalation techniques"
• Reply: John Cobb: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: priviledge escalation techniques ... self a command prompt with 'SYSTEM' privileges (well with win2k, ... scenario 1) sethc.exe is run as a normal user, or rather as the user logged ... scenario 2) sethc.exe is always running and monitoring keystrokes looking ... From a perspective of security, ... (Pen-Test) Re: priviledge escalation techniques ... drop the privileges when in the need to do something else. ... Vice-President of IT Security Research, ... scenario 1) sethc.exe is run as a normal user, ... scenario 2) sethc.exe is always running and monitoring keystrokes looking ... (Pen-Test) Re: How do I assign a "F" key? ... Press and release Shift then press 7 to get &. ... WshShell Object | Run Method ... Sends one or more keystrokes to the active window. ... these special characters are not enclosed within a set of braces. ... (microsoft.public.windowsxp.basics) Re: key press ... The receiver can do some validity checking - verifying that a key ... that the physical keyboard state when the message was generated ... If the receipt of a key press has security issues associated with it, ... I think a bigger security issue is the interception of real keystrokes ... (borland.public.delphi.nativeapi) Re: SHortcut to launch Powertoys Magnifier? ... Winkey + B will take you to first icon in notification area, then left arrow to the time, Shift + F10, T, arrow down to the item, Enter ... Then set a shortcut to the scripts and set a hotkey for the shortcut ... WshShell Object | Run Method ... Sends one or more keystrokes to the active window. ... (microsoft.public.windowsxp.general)