Full Disclosure mailing list archives
Re: elevating privileges from Admin to SYSTEM
From: Thierry Zoller <Thierry () Zoller lu>
Date: Wed, 8 Mar 2006 00:09:56 +0100
Dear NULL,
from Administrator to SYSTEM level
- Task sheduler at xx:xx cmd.exe - CreateRemoteThread & LoadLibrary Thread injection (lsass etc.) http://www.codeproject.com/threads/winspy.asp - The CreateRemoteThread & WriteProcessMemory Technique (lsass etc.) http://win32.mvps.org/processes/remthread.html http://www.codeproject.com/threads/winspy.asp - CreateRemoteProcess() Process injection (lsass etc.) http://www.anticracking.sk/EliCZ/export/CPRPICHA.zip - Drivers/services creating windows (handles).... - Drivers/services opening a "Can't find help file" when sending F1 keypress to the windows it's supposed not to create, then browing to cmd.exe and right clicking open.. - Driver/services calling c:\program files\whatever.exe without quotes *wink wink* had to put that one here. .... .. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- elevating privileges from Admin to SYSTEM /dev/null (Mar 07)
- Re: elevating privileges from Admin to SYSTEM Knud Erik Højgaard (Mar 07)
- Re: elevating privileges from Admin to SYSTEM Nick Withers (Mar 07)
- Re: elevating privileges from Admin to SYSTEM Thierry Zoller (Mar 07)
- Re[2]: elevating privileges from Admin to SYSTEM Thierry Zoller (Mar 07)
- Re: Re[2]: elevating privileges from Admin to SYSTEM Ill will (Mar 07)
- Re[2]: elevating privileges from Admin to SYSTEM Thierry Zoller (Mar 07)
- <Possible follow-ups>
- Re: elevating privileges from Admin to SYSTEM /dev/null (Mar 07)
- Re: elevating privileges from Admin to SYSTEM Yorn (Mar 08)
- Re: elevating privileges from Admin to SYSTEM Knud Erik Højgaard (Mar 07)