lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <007b01c3a97d$fa2a53f0$231a90d8@NTAUTHORITY>
From: geoincidents at getinfo.org (Geoincidents)
Subject: Frontpage Extensions Remote Command Execution

> Looking at the description of the IWAM_machinename account on my system,
it
> is listed as the "Launch Process Account".  IWAM has *no* privileges other
> than those explicitly granted to Guests, Users, or Everyone.

Open usermanager go to groups look in your MTS Trusted group, what do you
see there? IWAM is used to access databases, it's got more than guest. If
you can run an application and you have a command line to \system32 and you
are a network enabled account (like IWAM) then you are just a few steps from
downloading and running any code you want. (I wonder if Brett could try
running tftp for us)

This isn't limited, just because Brett Moore stopped with
C:\WINNT\system32>whoami
IWAM_BLACKHOLE

doesn't mean Marc from eeye wouldn't have turned this into an automated
rooter. The potential is most certainly there, you've got execute, you've
got network access, game over.

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ