Hosting Provided By

RE: Named Pipe Impersonation -> CreateProcessAsUser();

From: noir <noir(at)gsu.linux.org.tr>
Date: Mon Jul 14 2003 - 17:52:07 EDT

Check Matt Conover's (shok@dataforce.net) IIS impersonation exploit, he comes up with a cool hack for such situations (intrusive though... ;p) adding a user in the administrators group and logon as that user to create a new admin privileged process.
here it's is:
http://www.w00w00.org/files/iisoop.tgz
(neat sploit, nice work!)

noir

-----Original Message-----
From: wirepair [mailto:wirepair@roguemail.net] Sent: Monday, July 14, 2003 12:46 PM
To: vuln-dev@securityfocus.com
Subject: Named Pipe Impersonation -> CreateProcessAsUser();

.... Received on Mon Jul 14 17:54:31 2003

This message: [ Message body ]
Next message: Andrew Thomas: "Anyone looked at the canary stack protection in Win2k3?"
Previous message: Blue Boar: "Re: Named Pipe Impersonation -> CreateProcessAsUser();"
Maybe in reply to: wirepair: "Named Pipe Impersonation -> CreateProcessAsUser();"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT