screen saver privilege

I'm sure that most of you have heard of the privilege escalation
technique of replacing logon.scr with cmd. Well, I was playing around
on the computer and decided to install cmd as an option for a user
screen saver. However, the prompt was not run with system rights
as it is when it replaces logon.scr. I was wondering if anyone
knew why this was?
LoneWolf210 [ Tue, 17 April 2007 05:15 ] [ ID #1690620 ]

Re: screen saver privilege

LoneWolf210 [at] gmail.com wrote:

> I'm sure that most of you have heard of the privilege escalation
> technique of replacing logon.scr with cmd.


We've heard a lot about it, but this still doesn't make it a privilege
escalation. To replace logon.scr, you already need to have admin rights.

> However, the prompt was not run with system rights
> as it is when it replaces logon.scr.


Of course not, it is run with the rights of the user.

> I was wondering if anyone knew why this was?


WinLogon uses Impersonation to execute the CreateProcess() call with the
credentials of the user. On Windows Server 2003 and later, it uses
CreateProcessAsUser().
Sebastian Gottschalk [ Tue, 17 April 2007 07:15 ] [ ID #1690621 ]
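
An added example, not part of the original posts: a PowerShell audit of the binary Winlogon would start as a screen saver, covering both the logon-screen profile (the logon.scr case) and the current user's own setting discussed in this thread. It assumes the `SCRNSAVE.EXE` value under `Control Panel\Desktop` and resolves bare file names against System32; `Resolve-ScreenSaverPath` is a hypothetical helper name.

```powershell
# Added example: report what is configured as the screen saver and whether it looks replaced.
# Scopes: the logon-screen profile (HKU\.DEFAULT) and the current user (HKCU).
$targets = @(
    @{ Name = 'Logon screen (.DEFAULT)'; Path = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop' },
    @{ Name = 'Current user';            Path = 'HKCU:\Control Panel\Desktop' }
)

function Resolve-ScreenSaverPath {
    param([string]$Value)
    $expanded = [Environment]::ExpandEnvironmentVariables($Value)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    # Assumption: a bare name such as "logon.scr" refers to the copy in System32.
    return Join-Path $env:SystemRoot "System32\$expanded"
}

$results = foreach ($t in $targets) {
    $value = (Get-ItemProperty -Path $t.Path -Name 'SCRNSAVE.EXE' -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
    if (-not $value) {
        [pscustomobject]@{ Scope = $t.Name; Configured = '(none)'; Findings = 'no screen saver set' }
        continue
    }

    $path = Resolve-ScreenSaverPath $value
    $findings = @()
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $findings += 'file not found'
    } else {
        $item = Get-Item -LiteralPath $path
        # A screen saver entry pointing at a non-.scr file is worth a look.
        if ($item.Extension -ne '.scr') { $findings += "extension is $($item.Extension), not .scr" }
        # A copied cmd.exe keeps its version resource, so the embedded original
        # name no longer matches the name on disk (".mui" suffix is ignored).
        $orig = $item.VersionInfo.OriginalFilename -replace '\.mui$', ''
        if ($orig -and $orig -ne $item.Name) { $findings += "on-disk name differs from original name '$orig'" }
        # A renamed Microsoft binary can still be validly signed, so this check
        # complements the name comparison rather than replacing it.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $findings += "signature status: $($sig.Status)" }
    }

    if (-not $findings) { $findings = @('ok') }
    [pscustomobject]@{ Scope = $t.Name; Configured = $path; Findings = $findings -join '; ' }
}

$results | Format-Table -AutoSize -Wrap
```

A name mismatch is a prompt for review, not proof of tampering, since some legitimate screen savers ship with a different embedded original name.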