From: Blake Watts (bwatts at securityinternals.com)
Date: Tue Mar 12 2002 - 18:16:47 CST
There are many well-known methods of privilege escalation on Windows
NT/2000/XP. Several, like buffer overflows, are generic and non-Windows
specific.
An example of one specific to Windows is a technique I discovered in 2000,
known as named pipe instance creation race conditions. Basically, if a
privileged process, like the Service Control Manager, attempts to connect
to a pipe that an attacker can guess and be the first to create it, then
the attacker can impersonate the client (using ImpersonateNamedPipeClient)
to elevate his privileges.
I intend to release a paper documenting the discovery and alleviation of these
sometime within the next few weeks.
Here are some resources for the interim:
http://www.guardent.com/A0108022000.html
http://online.securityfocus.com/archive/1/74523
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-053.asp
http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Another interesting privilege escalation bug was discovered by Todd Sabin:
http://razor.bindview.com/publish/advisories/LPCAdvisory.html
Regards,
Blake Watts
http://www.securityinternals.com
----- Original Message -----
From: "Sebastian Muñiz" <smuniz at elinpar.com>
To: <vuln-dev at securityfocus.com>
Sent: Tuesday, March 12, 2002 11:35 AM
Subject: Windows Elevation of privileges
Does anyone know where I can find some papers about Elevation of privileges
on Windows (NT/2000) or source code of actual exploits of the kind (like
sechole)??
Thanks!!!!
Sebastian Muñiz
Elinpar S.A. - Engineering / Professional Services