From: Free, Bob (RWF4pge.com)
Date: Fri Nov 16 2001 - 15:46:32 CST

    My understanding is lsadump2 is using calls that require SeDebugPrivilege
    which only administrators have by default and then uses dll injection to
    impersonate system by loading code into LSASS's address space.

    I am not a programmer and this is all based on my feeble understanding of
    Paul Ashton and Todd Sabin's work ;-]

    -----Original Message-----
    From: Mark Parry [mailto:Mark.Parrypsi-cu-software.com]
    Sent: Friday, November 16, 2001 10:06 AM
    To: Focus Microsoft (E-mail)
    Subject: RE: Cached Network Password

    It works great running as system, non-interactive I believe. The reason I
    mention this is because that's where you end up in some IIS sploits, and it
    can be hard to get yourself interactive with the box.

    -----Original Message-----
    From: Free, Bob [mailto:RWF4pge.com]

    Keep in mind that you needed administrator access to obtain what you did but
    that is a whole different story.