lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: support at sleepdeprived.ca (David Vincent)
Subject: MS Windows Screensaver Privilege Escalation

>>>MW> To Whom it May Concern;
>>>MW> The Original Post is http://www.securityfocus.com/bid/11711
>>>
>>>MW> On Windows XP all releases, when you replace, or change the
>>>MW> screensaver displayed on the login screen with a specially crafted
>>>MW> version designed to execute programs, those programs are launched
>>>MW> under the SYSTEM SID, IE: they are given automatically the highest
>>>MW> access level avalible to Windows.  This level is not accessible even
>>>MW> to administrators.
>>>
>>>MW> This flaw is important because while one would need Power User
>>>MW> privledges or above to change the Login Screensaver, by default, any
>>>MW> user with the exception of guest can replace the login screensaver
>>>MW> file with a modified version.  In theory, any determined user could
>>>MW> execute ANYTHING with SYSTEM privledges.  A similar flaw exists in
>>>MW> Win2K, but Microsoft has ignored it.
>>>
>>>MW> Sincerly;
>>>MW> Matt Walker
>>>

i've used the technique on this page to rescue a windows 2000 domain 
controller's admin account since the pnordhal diskette won't help:

http://www.jms1.net/nt-unlock.html

similar instructions for windows 2003 are here:

http://www.nobodix.org/seb/win2003_adminpass.html

-d


Powered by blists - more mailing lists