Full Disclosure mailing list archives
Re: Process Killing - Playing with PostThreadMessage
From: Georgi Guninski <guninski () guninski com>
Date: Thu, 2 Oct 2003 13:30:22 +0300
On Thu, 2 Oct 2003 17:28:14 +1200 "Brett Moore" <brett.moore () security-assessment com> wrote:
> It appears from our testing that any thread running under any security level will accept a WM_QUIT message, causing the process to terminate.
> ...
> While this does not have the security implications of 'privilege escalation' attacks, it may cause some concerns under certain circumstances.
In some circumstances this probably may be used for privilege escalation. In windoze a process may escalate its privileges if a more privileged process writes to its named pipes. So if you manage to kill a process which holds an important named pipe, then create the same named pipe and then someone writes to your named pipe, you may elevate your privileges. You may check http://www.guninski.com/dr07.html for an old demo.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
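
The reply above turns on a privileged writer connecting to a pipe whose name another process has taken over. The following is an added example, not part of the original message or of either poster's code, showing the two defensive settings that matter in that scenario: a server that refuses to start unless it creates the first instance of its pipe, and a client that connects at Identification level so the pipe server cannot act with the client's privileges. The pipe name and function names are hypothetical.

```powershell
# Added example, not from the original post. Windows only; PowerShell 5 or later.
$PipeName = 'example-service-pipe'   # constructed placeholder name

function New-ExclusivePipeServer {
    param([string]$Name)
    # A limit of one instance makes .NET pass FILE_FLAG_FIRST_PIPE_INSTANCE, so
    # creation fails if any process already owns a pipe with this name.
    try {
        [System.IO.Pipes.NamedPipeServerStream]::new(
            $Name, [System.IO.Pipes.PipeDirection]::In, 1)
    } catch {
        throw "Cannot create first instance of pipe '$Name' (name already taken?): $($_.Exception.Message)"
    }
}

function Open-PipeClientIdentifyOnly {
    param([string]$Name, [int]$TimeoutMs = 2000)
    # Identification: the server can learn who the client is, but a token it
    # obtains by impersonating the client cannot be used to access resources.
    # Without an explicit level, Windows defaults to full Impersonation.
    $client = [System.IO.Pipes.NamedPipeClientStream]::new(
        '.', $Name,
        [System.IO.Pipes.PipeDirection]::Out,
        [System.IO.Pipes.PipeOptions]::None,
        [System.Security.Principal.TokenImpersonationLevel]::Identification)
    try { $client.Connect($TimeoutMs) } catch { $client.Dispose(); throw }
    $client
}

# Demo inside one process: the first creator owns the name.
$server = New-ExclusivePipeServer -Name $PipeName
try {
    # Whoever comes second, including the real service restarting after the
    # name was taken, gets an error instead of a silent second instance.
    try { (New-ExclusivePipeServer -Name $PipeName).Dispose() }
    catch { Write-Warning $_.Exception.Message }

    # The writer connects with the restricted impersonation level.
    $client = Open-PipeClientIdentifyOnly -Name $PipeName
    $client.Dispose()
} finally {
    $server.Dispose()
}
```

A service that hits the creation error should log it and stop rather than retry under another name, since the failure is the signal that something else holds the pipe.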