Re: Named Pipe Impersonation -> CreateProcessAsUser();
From: Blue Boar (BlueBoar_at_thievco.com)
Date: Mon, 14 Jul 2003 13:13:54 -0700
To: wirepair <firstname.lastname@example.org>
> Hello, I'm attempting to finish up my exploit for the @stake advisory,
> I've hit quite a snag when I found out that calling a new process does
> not inherit the privileges of the named pipe. (I must have been thinking
> of fork() or something heh). So I can impersonate SYSTEM, but I can not
> create a new process with these nice privileges.
Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv? If I
recall correctly (and I probably don't) child processes of system will have
that priv, but not have the other privs turned on. You have to use
AdjustTokenPrivileges to get them.