Penetration Testing mailing list archives
Re: Does the SMS remote control user leave footprints in process memory ?
From: Marco Ivaldi <raptor () mediaservice net>
Date: Fri, 30 May 2008 10:31:28 +0200 (ora solare Europa occidentale)
On Wed, 28 May 2008, me wrote: [snip]
My goal is to see what risks a SMS remote control user faces when they remote control another person's machine - can someone get the SMS user's NTLM hashes or any other type of creds ??I have some experience with keyloggers and the GINA - but when it comes to hashes/security tokens in memory - I am still learning.
You should also take a look at this cute little tool: http://lab.mediaservice.net/code.php#runasuser"RunAsUser uses DLL injection techniques to gain SYSTEM privileges abusing the LSASS.EXE process, then it duplicates the security token of the target process and runs an arbitrary program, effectively impersonating the owner of the target process."
Other interesting information about Windows access tokens: http://www.argeniss.com/research/TokenKidnapping.pdf http://www.mwrinfosecurity.com/publications/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf http://sourceforge.net/projects/incognito http://www.insomniasec.com/tools/InsomniaShell.zip Cheers, -- Marco Ivaldi, OPST Red Team Coordinator Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Does the SMS remote control user leave footprints in process memory ? me (May 29)
- Re: Does the SMS remote control user leave footprints in process memory ? natron (May 29)
- Re: Does the SMS remote control user leave footprints in process memory ? Marco Ivaldi (May 30)