From: Mike Murray (mmurray_at_DORIAN.2Y.NET)
Date: Thu Aug 08 2002 - 12:45:47 CDT
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 08 August 2002 09:14 am, Deus, Attonbitus wrote:
> Notwithstanding the implications of exploiting privileged services, one
> really has to question the validity of any exploit that first requires
> malicious code to get onto the system.
I have to respectfully disagree on this point.
The fact is, we've seen a significant number of extremely useful and valid
tools that run only locally. The LPC Ports vulnerability that was released a
couple of years ago (and the corresponding exploit) was useful in any
situation where an exploit gave local unprivileged access.
Put simply, this is a local root exploit. We don't ignore these types of
exploit for a *nix box; we shouldn't ignore them for a Windows box.
The reason that "If you can get your code on the box, nothing else matters" is
such a tautology is because of situations like this. There are a significant
number of privilege escalation conditions that exist.
That doesn't mean that we can/should disregard these conditions because
As I see it, the most interesting possibility, with some of the hidden windows
that services start as is the possibility of writing a piece of code which
will run *without* requiring the GUI interaction that the current incarnation
of shatter requires.
Just a thought.
| Michael Murray, CISSP <mmurraydorian.2y.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----