Message-ID: <20061003120147.GZ29201@DAPCVA.da>
Date: Tue, 3 Oct 2006 14:01:47 +0200
From: Vincent Archer <varcher@...yall.com>
To: crazy frog crazy frog <i.m.crazy.frog@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Removing the NIC cable = EoP?

On Tue, Oct 03, 2006 at 02:33:34PM +0530, crazy frog crazy frog wrote:
> I doubt it will work on any Windows OS. If a user is logged in as a
> user who doesn't have admin rights then unplugging the network cable does not
> give him admin.

The hack seems to be the defaulting. You authenticate as a user, but you
do not let the system get the full user profile from its domain
controller. The bug suggested there is that, if the OS can authenticate,
but cannot set up the profile after successfully authenticating, it would
incorrectly place you as a local admin. Presumably because that's the
only local account.

I do suspect a combo of specific OS version, SP, AD/system config, and
probably the account setup script that gets executed when you create a
local version of the user environment, rather than a generalized system
error.

Most systems will indeed keep a cached copy of the network profile, and
default to it when unable to fetch the profile - I'm sure the sysadmins
added fancy tricks to destroy any local profile once you've logged out,
and the building of the account profile when you log in for "the first
time" is where the drop to admin happens.

--
Vincent ARCHER
varcher@...yall.com
Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/