Penetration Testing mailing list archives
RE: Re: Microsoft RDP Priv. Escalation
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Tue, 15 Apr 2008 07:35:28 -0700
So, let me see if I get this right: You're "unsure" of what the admin may or may not have done regarding permissions or rights, yet you have no problem with publishing a "vulnerability in the rdp protocol" touting "privilege escalation" complete with a trite photo of Bill Gates "praying?" You are in fact, and by your own admission, "guessing" about what type of account is used?? This is simply ridiculous.

Sir, may I suggest in the future that you use these forums to first "learn" what you need to know before immediately posting and publishing "vulnerability" information regarding technologies that you obviously don't understand. It's not just that you embarrass yourself, but more importantly, this type of irresponsible posting only serves to distract and confuse those who may trust that you are qualified to advise them of RDP security issues. Did you even bother sending off a note to secure@microsoft first?

For those of you following along, here's all you have to do to test this: Log on to the RDP host and set "deny rx" on notepad.exe. Using MSTSC, select "start program on connect" and use, say, calc.exe. Log on - you'll see "calc" run. Perfect. Now do the same thing but use "notepad.exe" instead then logon again - oops! "Access denied." You can also just save the .rdp file and edit "alternate shell," but it will do the same thing.

Improperly deployed/secured Terminal Services/Remote Desktop solutions can indeed introduce serious security issues into your infrastructure. That's why it is important to do your research before deploying them. But as a researcher dispensing information on security, it is even more important for you to perform your technical due diligence in a professional manner before posting vulnerabilities based on things you are "unsure" of or "guessing" about.

Sorry to sound rude, but things are hard enough already without adding more FUD.

t

-----------
Check out Tim Mullen's "Microsoft Ninjitsu" training at Blackhat Vegas 2008! There are also some other great NGS classes available led by world-class researchers and trainers.
http://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-tm-ms-bbe.html
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Yousif () Vapt-Sec com
Sent: Sunday, April 13, 2008 9:06 AM
To: pen-test () securityfocus com
Subject: Re: Re: Microsoft RDP Priv. Escalation

Memet - Alright, how the admin went about disabling access to that file, I'm unsure, my guess is, I was using a very limited user account, and limited meaning, the way Windows limits "those" kind of accounts.
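
The "alternate shell" entry in a saved .rdp file, mentioned in the message above, can be reviewed offline. The following is an added example, not part of the original thread: it parses .rdp content and reports the program a file asks the host to start on connect. The sample file contents and the host name are constructed, and as the test in the message shows, file permissions on the host still decide whether that program starts.

```python
import codecs

def decode_rdp(raw: bytes) -> str:
    """Files saved by MSTSC are commonly UTF-16 with a BOM; hand-edited ones are often ANSI/UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines, where type is i (integer), s (string) or b (binary)."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        # Split at most twice: the value may itself contain ':' (e.g. C:\...).
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # not a setting line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # malformed integer setting, skip it
        settings[name.strip().lower()] = value
    return settings

def startup_program(raw: bytes):
    """Return (program, working_dir) requested at connect, or None if the normal desktop is used."""
    settings = parse_rdp(raw)
    program = str(settings.get("alternate shell", "")).strip()
    if not program:
        return None
    return program, str(settings.get("shell working directory", "")).strip()

# Constructed sample: what a saved .rdp file with "start program on connect" set could contain.
SAMPLE = (
    "screen mode id:i:2\r\n"
    "full address:s:rdp-host.example\r\n"
    "alternate shell:s:C:\\Windows\\System32\\notepad.exe\r\n"
    "shell working directory:s:C:\\Windows\\System32\r\n"
).encode("utf-16")

if __name__ == "__main__":
    print(startup_program(SAMPLE))
```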