|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fort _ (fort_at_linuxmail.org)
Date: Mon Oct 21 2002 - 08:39:53 CDT
('binary' encoding is not supported, stored as-is)
In-Reply-To: <200210181958.g9IJwN3W069622
mailserver3.hushmail.com>
>
>Downloaded this:
>
>Security Advisory, Exploit Source and Compiled Binary:
>http://getad.chat.ru/
>
>Ran it as a user on a W2K server that had perms set on the cmd.exe to
Admins and System only....didn't work.
>
>The exploit does run correctly on a default install of W2K.
>
>Can anyone else confirm this. It'd be nice if seting perms on one file
would nullify this .exe
>
>Thanks,
>
>DWreck
Just tested it on Win2k PRO SP2, set cmd.exe to admin and system only,
logged in as guest, tried to run the exploit and it won't work.
teh only problem i can see with this is if you use logon scripts and such,
or you require cmd.exe for other reasons.
So yeah, your way does work :)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]