lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <96a12a7c0606111753n5b0a01cexc0314533cd7103e3@mail.gmail.com>
Date: Sun, 11 Jun 2006 17:53:43 -0700
From: zipk0der <zipk0der@...dora-security.com>
To: bugtraq@...urityfocus.com
Subject: Windows XP Task Scheduler Local Privilege Escalation (Advisory)


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Advisory: Windows XP Task Scheduler Local Privilege Escalation
             =
= Author: Daniel Hückmann (zipk0der) zipk0der@...dora-security.com
         =
= Released at: http://www.pandora-security.com
                      =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

1. Overview.

In Windows XP, the task scheduler service runs as "SYSTEM" (local service);
this is akin to running cron as root. Any processes spawned by the
task scheduler
inherit "SYSTEM" permissions. Using command line tools, we can kill the Windows
desktop (explorer.exe) and restart it running under "SYSTEM". Once running under
"SYSTEM" we have full control of the machine, and can do things even
Administrators
can't. Also included is a recommended fix. Read the full paper at the
link below.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Direct link to the original paper discussing this issue in detail...

http://www.pandora-security.com/forum/viewtopic.php?t=2093

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Sincerely,

Daniel Hückmann - R&D Director, Pandora Security


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ