Vulnerability Development mailing list archives

Re: Smashing Windows


From: "The Blueberry" <acr872k () hotmail com>
Date: Thu, 11 Apr 2002 21:16:45 +0000

Hi group,

While we're on the topic, I'm wondering what techniques and/or programs would be of use to effectively audit Windows operating systems and services, specifically NT based?

For this you can use API monitors, registry, disk, etc. Some good tools can be found at www.sysinternals.com.

But if you are looking more specifically for something to target one program or one function in the OS in depth, look at Win32 debuggers like SoftICE or the like.


For example, privilege escalation, buffer overflows, format strings within local programs or system services. Other than a few documents on format strings and buffer overflows, there isn't much information to help aid in the auditing of programs specifically of importance to the Windows OS.

I'm not aware of any papers on that subject, but you can always take a look at Phrack or at currently existing exploits, as this can help you a bit.

Another main question is how exactly are local privileges gained? For example, under Unix only suid/sgid programs that are vulnerable can sometimes be exploited to gain root. Would there be the same thing or something similar to this under an NT environment? And if so, what?

It can be the same in NT: a service (IIS, etc.) that habitually runs under high privileges can give up its privileges through a buffer overflow or an input validation error that fools the program into executing custom code supplied by the attacker...

Is there any information that I can be directed to that maybe I'm missing? As well as programs and other criteria of importance. Also, are there such things as race conditions under Windows? Signal exploitation? Or things under Windows that can be exploited that can't under *nix, or vice versa.

Hmm... race conditions? Maybe, but it's very unlikely for an NT program to use the temporary directory to put anything exploitable there. Signal exploitation? No, AFAIK. Usually in Windows the great thing to exploit is user input: buffer overflows and input validation errors.

Any light or reference to information on this topic, considering it is broad in scope, would be greatly appreciated.

I'm not really aware of any general information about Windows' architecture in the field of security. Maybe others on the list will be able to help you more than me about this.

--TB
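As an added illustration of the reply above (example code, not part of the original thread): the input-handling defect the reply describes, a privileged service copying client-supplied data into a fixed-size stack buffer, beside a bounds-checked version. The request format, buffer size and function names are made up for the illustration.

```c
/* Added example, not from the original thread: a service request handler
 * that trusts the length of client input, beside a hardened version.
 * NAME_MAX and the handler names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32

/* Vulnerable handler: the length of `client_name` is never compared to the
 * buffer size, so a request longer than NAME_MAX overruns `name` on the
 * stack. Shown for contrast only; never call it with untrusted input. */
int handle_request_unchecked(const char *client_name)
{
    char name[NAME_MAX];
    strcpy(name, client_name);          /* no bound: classic stack overflow */
    return (int)strlen(name);
}

/* Hardened handler: refuse anything that does not fit, then copy with an
 * explicit bound and a guaranteed NUL terminator.  Returns the copied
 * length, or -1 when the request is refused. */
int handle_request_checked(const char *client_name)
{
    char name[NAME_MAX];
    /* memchr never scans past NAME_MAX bytes; no terminator there means the
     * request is at least NAME_MAX long and cannot fit with its NUL. */
    const char *end = memchr(client_name, '\0', NAME_MAX);
    if (end == NULL)
        return -1;
    size_t len = (size_t)(end - client_name);
    memcpy(name, client_name, len);
    name[len] = '\0';
    return (int)len;
}

int main(void)
{
    char oversized[64];                 /* constructed 63-byte request */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short request: %d\n", handle_request_checked("guest"));
    printf("oversized request: %d\n", handle_request_checked(oversized));
    return 0;
}
```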


