Vulnerability Development mailing list archives

Re: More on Shatter


From: Darryl Luff <darryl () snakegully nu>
Date: Mon, 26 Aug 2002 03:00:44 +1000

HalbaSus wrote:

> I don't want to be rude but... we're talking about a win32 local exploit here!!!!

...

> 3. As long as someone needs physical access for this it's not really such a serious problem.. usually when someone has physical access to a computer he can do mostly whatever he/she wants. Without using exploits...

You don't have to have physical access to run 'local' attacks, you just need to get your code onto the system and run it. There are any number of well known ways of doing that. So the problem is whether the context your injected code or command line runs in has a privileged window available to it or not.

I'd find it hard to believe that IIS doesn't have at least one privileged hidden window running. But are they accessible to injected code?

I agree that if you have physical access you've won, but just because you don't have physical access doesn't mean you've lost.

> 4. And probably the most important reason: Shatter is one of those mostly harmless yet very neat exploits that you can impress your friends with... or
....

I don't think it can be called harmless, and I think that the more people poke around with the available windows messages, the more interesting possibilities will emerge.


