Re: How vulnerable is a 'Limited" account on XP?
From: ph1zzle (ph1zzle_at_cogeco.ca)
Date: 07/09/03
- Previous message: Jon Hart: "Re: Red Hat 9: free tickets"
- Maybe in reply to: Bernie Cosell: "How vulnerable is a 'Limited" account on XP?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: VULN-DEV@securityfocus.com Date: 09 Jul 2003 02:33:40 -0400
On Wed, 2003-07-09 at 02:32, ph1zzle wrote:
> On Tue, 2003-07-08 at 13:08, Bernie Cosell wrote:
> > I've been wondering: are there exploits/vulnerabilities that can burrow
> > into a system through a limited account on XP? I've tried playing around
> > a little bit [but I'm really not very much of an XP-hacker] and it sure
> > seems hard to get a toehold on the system from my limited account. With
> > the entire system drive essentially read-only, and with its not being
> > able to mess with ADMIN or SYSTEM processes, I wonder just how vulnerable
> > XP is... [for example, I"ve been tempted (but too chicken) to try
> > intentionally infecting myself with one or another of the email-borne
> > viruses just to see how far they could penetrate into my system].
> >
> > /Bernie\
>
> Well bernnie, I am not a xp person myself, in fact I am a linux and
> openbsd person but here is what I can tell you about what I do know
> about Windos XP. The system is a multiuser system with privledge
> seperation. this means that unless one (stupid) e-mail viruses includes
> exploit code targeted towards windows xp, it will only infect with the
> credentials given to the user who was infected and there for will only
> be able to damage the user who ran it. So you being chicken saved you
> from destroying your own data and not affecting the rest of the system.
> Now I do believe there are some exploits out there that do take
> advantage of the system in such a way that you can escalate privledges,
> but since I havn't used a windows machine since 2k first came out, I
> don't know what any of these are. So since it sounds appearent you are
> not a programmer, or at least not a exploit programmer, so if you are
> truly determined to get in, I suggest you use code that someone who
> knows what they are doing has wrote. try packetstormsecurity[dot]org or
> hack[dot]co[dot]za. oh and "keeep reaching for that rainbow" (<- heh,
> simpsons).
>
> --ph1zzle
> "lea eax, [ebp + 4]"
- Previous message: Jon Hart: "Re: Red Hat 9: free tickets"
- Maybe in reply to: Bernie Cosell: "How vulnerable is a 'Limited" account on XP?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
