Re: Named Pipe Impersonation -> CreateProcessAsUser();

From: Blue Boar (
Date: 07/14/03

  • Next message: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
    Date: Mon, 14 Jul 2003 13:13:54 -0700
    To: wirepair <>

    wirepair wrote:

    > Hello, I'm attempting to finish up my exploit for the @stake advisory,
    > I've hit quite a snag when I found out that calling a new process does
    > not inherit the privileges of the named pipe. (I must have been thinking
    > of fork() or something heh). So I can impersonate SYSTEM, but I can not
    > create a new process with these nice privileges.

    Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv? If I
    recall correctly (and I probably don't) child processes of system will have
    that priv, but not have the other privs turned on. You have to use
    AdjustTokenPrivileges to get them.

