Re: [Full-Disclosure] Process Killing - Playing with PostThreadMessage
From: Georgi Guninski (guninski guninski.com)
Date: Thu Oct 02 2003 - 05:30:22 CDT
On Thu, 2 Oct 2003 17:28:14 +1200
"Brett Moore" <brett.moore security-assessment.com> wrote:
>
> It appears from our testing that any thread running under any security
> level will accept a WM_QUIT message, causing the process to terminate.
>
...
> While this does not have the security implications of 'privilege escalation'
> attacks, it may cause some concerns under certain circumstances.
>
In some circumstances this probably may be used for privilege escalation.
In windoze a process may escalate its privileges if a more privileged process writes to its named pipes. So if you manage to kill a process which holds an important named pipe, then create the same named pipe, and then someone writes to your named pipe, you may elevate your privileges.
You may check http://www.guninski.com/dr07.html for an old demo.
georgi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
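
The message above describes a pipe name being re-created by another process after its owner is killed. As an added example (not part of the original post, and not the author's code), this PowerShell sketch shows two .NET-level hardening steps: a service that refuses to start when its pipe name is already taken, and a client that limits how far the pipe server can use its identity. The pipe name and function names are hypothetical.

```powershell
# Added example, not from the original post. Pipe and function names are hypothetical.
$PipeName = 'example-service-pipe'

function New-SingleInstancePipeServer {
    param([string]$Name)
    # maxNumberOfServerInstances = 1: creation fails when a pipe with this
    # name already exists, so the service notices at start-up that some
    # other process owns its pipe name instead of silently coexisting.
    try {
        return [System.IO.Pipes.NamedPipeServerStream]::new(
            $Name, [System.IO.Pipes.PipeDirection]::In, 1)
    } catch {
        Write-Warning "Pipe '$Name' is already owned by another process: $($_.Exception.Message)"
        return $null
    }
}

function Open-RestrictedPipeClient {
    param([string]$Name, [int]$TimeoutMs = 2000)
    # Explicitly request Identification: the pipe server can query who the
    # caller is, but cannot act as the caller against other resources.
    $client = [System.IO.Pipes.NamedPipeClientStream]::new(
        '.', $Name,
        [System.IO.Pipes.PipeDirection]::Out,
        [System.IO.Pipes.PipeOptions]::None,
        [System.Security.Principal.TokenImpersonationLevel]::Identification)
    $client.Connect($TimeoutMs)
    return $client
}

# Demonstration on a single machine.
$server = New-SingleInstancePipeServer -Name $PipeName      # succeeds
$second = New-SingleInstancePipeServer -Name $PipeName      # warns, returns $null
"Second creation blocked: $($null -eq $second)"

$client = Open-RestrictedPipeClient -Name $PipeName
$server.WaitForConnection()
"Client connected: $($client.IsConnected)"

$client.Dispose()
$server.Dispose()
```

The single-instance check only helps while the legitimate server is running or when it restarts; the client-side impersonation level is what limits the damage if the name has already been taken by someone else.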