Windows privilege escalation using Program.exe. - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Windows privilege escalation using Program.exe.

  1. #11
    Banned
    Join Date
    Sep 2005
    Posts
    8

    loved the post bro

    I'm with rhfactor on this one you guys are scolding reedarvin like antionline is paying him to write tutorials or something

    I think the tutorial was worthy of his time and I like the read. Oh and agreed if you want an exploit fix studying it yourself and don't complain why there is no exploitation fix on this.

    also my 2 cents

    and reedarvin keep writing tutorials bro!

  2. #12
    Senior Member
    Join Date
    Sep 2004
    Posts
    117
    well it is a very good post
    cheers
    nice thinking

  3. #13
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    About time someone pointed out you've all been posting to a three month old thread.

    Cheers

  4. #14
    Junior Member
    Join Date
    Nov 2005
    Posts
    2

    Re: Windows privilege escalation using Program.exe.

    Hi reedarvin,

    Iīve read your tutorial. It sounds nice, but it does not work!

    I tried it on a Win2k, SP0.

    It is true, that Windows executes the program.exe (after you ignore the warning), but depending on your user privileges it wonīt happen anything.

    As guest, nothing happens. The script is executed but failes because lack of privileges.
    As restricted user, itīs just the same thing.
    As privileged user, only a restricted account is created.
    Only when connecting as admin, the script will add the user to the administrator group.


    Regards,
    Swappy

  5. #15
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Swappy,

    reedarvin, posted this tut ages ago. I'm guessing its been patched?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #16
    Banned
    Join Date
    May 2003
    Posts
    1,004
    No not patched... the original post makes no indication of being able to do extra things with a given account... he mentions tricking a service started under a more powerful user into running his malicious application. Swappy just tried to run the app himself.

    cheers,

    catch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides