RE: Named Pipe Impersonation -> CreateProcessAsUser();
From: noir (noir_at_gsu.linux.org.tr)
Date: 07/14/03
- Previous message: Blue Boar: "Re: Named Pipe Impersonation -> CreateProcessAsUser();"
- Maybe in reply to: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Jul 2003 00:52:07 +0300 (EEST) To: wirepair@roquemail.net, <vuln-dev@securityfocus.com>
Check Matt Conover's (shok@dataforce.net) IIS impersonation exploit,
he comes up with a cool hack for such situations (intrusive though... ;p)
adding a user in the administrators group and logon as that user to
create a new admin privileged process.
here it's is:
http://www.w00w00.org/files/iisoop.tgz
(neat sploit, nice work!)
- noir
-----Original Message-----
From: wirepair [mailto:wirepair@roguemail.net]
Sent: Monday, July 14, 2003 12:46 PM
To: vuln-dev@securityfocus.com
Subject: Named Pipe Impersonation -> CreateProcessAsUser();
....
- Previous message: Blue Boar: "Re: Named Pipe Impersonation -> CreateProcessAsUser();"
- Maybe in reply to: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
