Vulnerability Development mailing list archives
Re: Windows 2000 Runas weirdness
From: ian <cheeken () cs bu edu>
Date: Tue, 18 Dec 2001 19:01:30 -0500
but the RunAs service runs as LocalSystem.... which actually it has to do in order to assign a new token to the process it's launching for you (CreateProcessAsUser requires SE_TCB_PRIVILEGE) although you say it's the .exe crashing and not the service... interesting to try it and see if the service is affected also.. (it runs in services.exe apparently) ian jesperht () hotmail com wrote:
Hiyas, Here is an interesting bug I found with the Win2k "runas" command. Could be exploitable, but I dont think that it would do much good as the error that comes up when you issue the command refers to "runas.exe" in the title bar. Heres what happens: C:\>runas /user:administrator AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA Enter password for administrator:(can be any password, doesnt have to be the right one...) Attempting to start "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A" a s user "administrator"... I then gives a "The instruction at "0x77fcbcd2" referenced memory at "0x00000100". The memory could not be "written"." error. Let me know what you guys think/find out, im curious :-). -Scarabus jesperht () hotmail com
Current thread:
- Windows 2000 Runas weirdness jesperht (Dec 18)
- Re: Windows 2000 Runas weirdness ian (Dec 18)
- Re: Windows 2000 Runas weirdness flume (Dec 20)
- Re: Windows 2000 Runas weirdness ian (Dec 18)