September 16th, 2005, 06:18 PM
loved the post bro
I'm with rhfactor on this one you guys are scolding reedarvin like antionline is paying him to write tutorials or something
I think the tutorial was worthy of his time and I like the read. Oh and agreed if you want an exploit fix studying it yourself and don't complain why there is no exploitation fix on this.
also my 2 cents
and reedarvin keep writing tutorials bro!
September 16th, 2005, 06:31 PM
well it is a very good post
September 17th, 2005, 12:18 PM
About time someone pointed out you've all been posting to a three month old thread.
November 12th, 2005, 09:11 PM
Re: Windows privilege escalation using Program.exe.
Iīve read your tutorial. It sounds nice, but it does not work!
I tried it on a Win2k, SP0.
It is true, that Windows executes the program.exe (after you ignore the warning), but depending on your user privileges it wonīt happen anything.
As guest, nothing happens. The script is executed but failes because lack of privileges.
As restricted user, itīs just the same thing.
As privileged user, only a restricted account is created.
Only when connecting as admin, the script will add the user to the administrator group.
November 12th, 2005, 09:32 PM
reedarvin, posted this tut ages ago. I'm guessing its been patched?
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
November 12th, 2005, 09:39 PM
No not patched... the original post makes no indication of being able to do extra things with a given account... he mentions tricking a service started under a more powerful user into running his malicious application. Swappy just tried to run the app himself.