Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] local SYSTEM on Windows vs. local root on Unix
From: petard (petardfreeshell.org)
Date: Tue Jan 20 2004 - 08:58:28 CST
On Mon, Jan 19, 2004 at 04:20:58PM -0500, KF wrote:
> I am currious to know what you folks think the differences are between
> obtaining local SYSTEM on a win32 box and obtaining root on a Unix machine.
> Same thing?
> One is worse than the other? Which one? Why?
I'd say best case, it's more or less the same thing.
NTAUTHORITY\LocalSystem has complete access to all of the resources of
the local machine. IIRC, it is possible to create local users and add
them to local groups from a program running with LocalSystem privileges.
[This is why I'd say it's equal to root in the best case.]
In the worst case, it can be much worse than root. If a domain has been
improperly configured such that the computer account for the machine on
which you've got LocalSystem is overly privileged, you may have gained
control over the domain as well :-)
Here's a decent summary of the account:
If your message really might be confidential, download my PGP key here:
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
Full-Disclosure - We believe in it.