[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    RE: Named Pipe Impersonation -> CreateProcessAsUser();
From:       noir <noir () gsu ! linux ! org ! tr>
Date:       2003-07-14 21:52:07
[Download RAW message or body]


Check Matt Conover's (shok@dataforce.net) IIS impersonation exploit,
he comes up with a cool hack for such situations (intrusive though... ;p) 
adding a user in the administrators group and logon as that user to 
create a new admin privileged process.
here it's is:
http://www.w00w00.org/files/iisoop.tgz
(neat sploit, nice work!)

- noir


-----Original Message-----
From: wirepair [mailto:wirepair@roguemail.net] 
Sent: Monday, July 14, 2003 12:46 PM
To: vuln-dev@securityfocus.com
Subject: Named Pipe Impersonation -> CreateProcessAsUser();


....

[prev in list] [next in list] [prev in thread] [next in thread]