Re: Temporary user rights

From: Aaron N. Cutshall (acutshall@elsallc.com)
Date: 05/10/02


From: "Aaron N. Cutshall" <acutshall@elsallc.com>
Date: Fri, 10 May 2002 09:05:40 -0500


That merits investigation. I appreciate you passing it on.

Aaron

"Asheesh Laroia" <pan-news@asheeshenterprises.com> wrote in message
news:KUCC8.38409$2G1.13304764@typhoon.nyroc.rr.com...
> In the logon script:
>
> (Extract ERunAs2X from debploit, found at
> http://www.anticracking.sk/EliCZ/bugs/DebPloit.zip)
>
> erunas2x <command>
>
> That will run the <command> with local SYSTEM privileges. <command>
> should be the time-update command you were going to put in the script that
> needs to run as local SYSTEM.
>
> This is considered a bug by some, but MS hasn't responded to it in the
> months for which it has been available, so maybe they consider it a
> feature. If they do release an update that breaks it, then this will fail
> then. The only other methods of which I know involve putting a local
> Administrator password in a world-readable file that is read by the
> script, passed to WinNT's RunAs program.
>
> -- Asheesh.
>
> On Thu, 09 May 2002 16:07:17 -0400, Aaron N. Cutshall wrote:
>
> > I would like to temporarily change a user's rights to allow a user to
> > update the system time on the local workstation to match the server,
> > then remove the privilege to prevent tampering. This would normally be
> > executed during the user's login script. How can I execute something
> > with temporary administrative privileges?


