Full Disclosure mailing list archives
Re: Windows Vista/7 lpksetup dll hijack
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 25 Oct 2010 22:56:58 +0000
I've tested loading a library from an application that requires admin privileges from a normal user and it will prompt for UAC if needed or fail. I understand where the jacking takes place, but you are making it seem like you can bypass user permissions when you can't. At least that's what I got from your OP. IOW, even if the original app you run doesn't require UAC, if the jacked .dll requires escalated permissions, which would be just about anything interesting you could do, then it will fail (or prompt depending on how you write it). The main point is that you've got to get people to not only connect up to your remote share, but you've got to get them to execute the file, etc. So I'm just wondering what makes this anything more than any other "put a malicious link here to make the user execute it" or email attachment business, particularly when you say "Remote Code Execution." t
Have you tested out the actual exploit method in a lab environment yet to see just what can be done as I have? On Oct 25, 2010 5:34pm, "Thor (Hammer of God)" <thor () hammerofgod com> wrote:If you are considering this "Remote Code Execution" then why not just have the victim run an .exe from the "complete anonymous share" you've managed to get people connected to and save all the trouble? This would still run as the user context, and if the hijacked DLL tried to do something a normal user couldn't do then it too would be blocked or fail anyway.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack ACROS Security Lists (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack TBorland1 (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack TBorland1 (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Jann Horn (Oct 27)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)