lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1f1991610601181125s2df9abb9scaba20719c5cdb05@mail.gmail.com>
Date: Wed Jan 18 19:26:17 2006
From: yboily at gmail.com (Yvan Boily)
Subject: Question for the Windows pros

> The explanations on MS's site are vague enough that they're meaningless.
> What services running on Windows allow clients to access them?  And if they
> do, do they restrict access to the Local Machine?  Or do they allow Remote
> Access?  (For example, RPC is clearly remote.  Is the Windows Time service?)

Actually, the explanations are not vague or meaningless.  It just
helps to have an understanding of what this privilege governs.  Lets
start with the fact that in essence it only applies to Server
operating systems, and only to Windows 2000 SP4, or Windows 2003.

http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/secauthz/security/authorization_constants.asp

Mike Howard also demonstrates the technique here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03132003.asp

RPC is not clearly remote.  It is merely a mechanism which is capable
of delivering remote calls.

According to MSDN this is a list of API that require SeImpersonatePrivelege:

RpcImpersonateClient
ImpersonateAnonymousToken
ImpersonateClient
ImpersonateLoggedOnUser
ImpersonateSecurityContext
RpcGetAuthorizationContextForClient

Reading the API, and the MSDN Documentation on IMpersonation and
Delegation should illuminate this issue.

The short story is though, that any case where any process or thread
will execute, either locally or remotely, under another users security
context, impersonation is required.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ