Re: Named Pipe Impersonation -> CreateProcessAsUser();
From: Blue Boar (BlueBoar_at_thievco.com)
Date: 07/14/03
- Previous message: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- In reply to: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- Next in thread: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Jul 2003 13:13:54 -0700 To: wirepair <wirepair@roguemail.net>
wirepair wrote:
> Hello, I'm attempting to finish up my exploit for the @stake advisory,
> i've hit quite a snag when i found out that calling a new process does
> not inherit the privileges of the named pipe. (I must have been thinking
> of fork() or something heh). So I can impersonate SYSTEM, but I can not
> create a new process with these nice privileges.
Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv? If I
recall correctly (and I probably don't) child processes of system will have
that prive, but not have the other privs turned on. You have to use
AdjustTokenPrivileges to get them.
BB
- Previous message: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- In reply to: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- Next in thread: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
