Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft RDP Priv. Escalation

From: Memet Anwar <mmta.gm () gmail com>
Date: Thu, 10 Apr 2008 02:36:03 +0700
Yousif () Vapt-Sec com wrote:

.RDP connection file. The cmd.exe thing is simply an example. Other
applications that wouldn't normally execute can be executed with this
as well. The escalation is the ability to run applications you
shouldn't be able to with such an account. It's under the privileges
of the user, but the idea is, those privileges don't allow you to
execute certain programs. Through that, you can.


As Thor said, "Exactly how were they disabled?", how the admin configure
the system to block access to cmd.exe? By configuring an RDP file to use
a specific shell?

If the admin said he's *actually trying* to block user's access to
cmd.exe (or whatever file you can access), then whatever he's using now
is not effective. The bug then is in the admin way of thinking, not on RDP.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: