Windows logon.scr hack - Page 3
Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: Windows logon.scr hack

  1. #21
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by Maestr0
    (System cannot take ownership so buffer overflow attacks will be much harder to achieve)
    This is BS. File ownership has absolutely nothing to do with the security context the file will be run under. SYSTEM would still be able to run the file and it would still contain an exploitable buffer overflow.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #22
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    anyone tried running mmc from that command window? it seems to me that could give you a few choice options as far as security is concerned, I'm going to try it right now
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  3. #23
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    SirDice,
    I think you may have misunderstood my comment. I said to allow execute permissions on cmd.exe for admin ONLY(This means deny SYSTEM). That means SYSTEM cannot execute cmd.exe OR take ownership of cmd.exe, this way if someone has found a buffer overflow in a program running under a SYSTEM context then the code will not be able to execute cmd.exe


    -Maestr0

    EDIT: I see that the original statement was unclear, the statement should have read:
    "(System cannot take ownership so buffer overflow attacks <which execute these binaries> will be much harder to achieve)"



    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  4. #24
    Junior Member
    Join Date
    Jun 2003
    Posts
    8

    did u try this on SP3 for 2k?

    im just interested if u tried this on service pack 3 or not, let me know

  5. #25
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by Maestr0
    SirDice,
    I think you may have misunderstood my comment. I said to allow execute permissions on cmd.exe for admin ONLY(This means deny SYSTEM). That means SYSTEM cannot execute cmd.exe OR take ownership of cmd.exe, this way if someone has found a buffer overflow in a program running under a SYSTEM context then the code will not be able to execute cmd.exe


    -Maestr0

    EDIT: I see that the original statement was unclear, the statement should have read:
    "(System cannot take ownership so buffer overflow attacks <which execute these binaries> will be much harder to achieve)"
    That's much clearer and correct It's all a matter of payload. So I think this would only protect you from prebuild exploits (scriptkiddie tools?).

    I'm not sure about not being able to take ownership. I think you can still take ownership and nuke the ACL in the process (mental note: must try this out).

    Originally posted here by kroltz
    im just interested if u tried this on service pack 3 or not, let me know
    Servicepack/hotfix level has nothing to do with it. The default screensaver (when noone is logged on) will run in the SYSTEM context (this is by design). So if you have no or bad ACLs on %windir% this would still work.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides