Re: priviledge escalation techniques
From: BSK (bishan4u_at_yahoo.co.uk)
Date: 01/20/05
- Previous message: Michael Richardson: "Re: Recent Linux vulnerabilities"
- Maybe in reply to: Dan Rogers: "priviledge escalation techniques"
- Next in thread: Dave Wells: "RE: priviledge escalation techniques"
Date: Thu, 20 Jan 2005 11:13:02 +0000 (GMT)
To: miguel.dilaj@pharma.novartis.com, pen-test@securityfocus.com
> That's really strange. It works in WinXP.
> Perhaps there was a change in functionality (for bad!) from Win2K to XP?
> The only possibility I can imagine is either:
> a) something blocks launching interactive programs before logon in 2K, but not in XP
> b) 2K is checking that sethc.exe is valid before launching it, and XP is not doing that check (I don't really think that this is the case, but...)
>
> Do you have any XP box to test?? I'll try to get hold of a 2K as well.
I couldn't try on an XP box, but tried on a Windows 2000 server. It behaves very differently here, after the replacement of sethc.exe with cmd.exe:
1. Before logging in, pressing 'shift' 5 times invokes sethc.exe, but the original one, which in fact doesn't exist in the system32 directory, at least with the same name. I think Windows regenerated that file but with some other name.
2. If I press 'shift' 5 times after logging in, nothing appears, neither the original sethc.exe nor the replaced sethc.exe.
Any clues?
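A defender-side check for the file swap discussed in this message, as an added example that is not part of the original post: it reports whether the sethc.exe on disk is byte-identical to cmd.exe, or carries a version resource naming a different program. The function name `Test-SethcIntegrity` and its parameter are hypothetical, and it assumes a PowerShell version that provides `Get-FileHash`.

```powershell
# Added example, not from the original thread.
# Test-SethcIntegrity is a hypothetical name; -System32 defaults to the live system directory.
function Test-SethcIntegrity {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $sethc = Join-Path $System32 'sethc.exe'
    $cmd   = Join-Path $System32 'cmd.exe'

    if (-not (Test-Path -LiteralPath $sethc)) {
        return [pscustomobject]@{
            Path = $sethc; Status = 'Missing'; Detail = 'sethc.exe not found'
        }
    }

    # A straight copy of cmd.exe over sethc.exe yields identical content hashes.
    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = $null
    if (Test-Path -LiteralPath $cmd) {
        $cmdHash = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    }

    # The version resource is embedded in the binary, so it survives a rename.
    # Some Windows builds report the name with a ".mui" suffix; strip it.
    $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
    $orig = ($orig -replace '\.mui$', '')

    $status = 'OK'
    $detail = 'hash differs from cmd.exe and version resource names sethc.exe'
    if ($cmdHash -and ($sethcHash -eq $cmdHash)) {
        $status = 'Replaced'
        $detail = 'sethc.exe is byte-identical to cmd.exe'
    }
    elseif ($orig -and ($orig -ne 'sethc.exe')) {
        $status = 'Suspicious'
        $detail = "version resource names '$orig', not sethc.exe"
    }
    elseif (-not $orig) {
        $status = 'Suspicious'
        $detail = 'no version resource present'
    }

    [pscustomobject]@{
        Path = $sethc; Status = $status; Detail = $detail; SHA256 = $sethcHash
    }
}

Test-SethcIntegrity | Format-List
```

Pointing `-System32` at the system directory of a mounted offline image runs the same check without booting the inspected system.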