Re: Named Pipe Impersonation -> CreateProcessAsUser();

From: Blue Boar (BlueBoar_at_thievco.com)
Date: 07/14/03

  • Next message: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
    Date: Mon, 14 Jul 2003 13:13:54 -0700
    To: wirepair <wirepair@roguemail.net>
    
    

    wirepair wrote:

    > Hello, I'm attempting to finish up my exploit for the @stake advisory,
    > I've hit quite a snag when I found out that calling a new process does
    > not inherit the privileges of the named pipe. (I must have been thinking
    > of fork() or something heh). So I can impersonate SYSTEM, but I can not
    > create a new process with these nice privileges.

    Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv? If I
    recall correctly (and I probably don't) child processes of system will have
    that priv, but not have the other privs turned on. You have to use
    AdjustTokenPrivileges to get them.

                                                    BB

