Good luck with that... you might want to look into msgina.dll , try replace that ;) have phun xd
On 26 September 2011 10:29, Travis Biehn <[email protected]> wrote: > It might be a fun experiment to see what DLLs they're looking for :.) > > > -Travis > > On Sun, Sep 25, 2011 at 2:57 PM, <[email protected]> wrote: > >> To replace a service executable you usually need administrator access >> anyway. >> >> >> ------Original Message------ >> From: Madhur Ahuja >> Sender: [email protected] >> To: [email protected] >> To: [email protected] >> Subject: [Full-disclosure] Privilege escalation on Windows using >> BinaryPlanting >> Sent: 25 Sep 2011 19:31 >> >> Imagine a situation where I have a Windows system with the restricted >> user access and want to get the Administrator access. >> >> There are many services in Windows which run with SYSTEM account. >> >> If there exists even one such service whose executable is not >> protected by Windows File Protection, isn't it possible to execute >> malicious code (such as gaining Administrator access) simply by >> replacing the service executable with malicious one and then >> restarting the service. >> >> As a restricted user, what's stopping me to do this ? >> >> Is there any integrity check performed by services.msc or service >> itself before executing with SYSTEM account ? >> >> Madhur >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> Sent from my POS BlackBerry wireless device, which may wipe itself at any >> moment >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > > -- > Twitter <https://twitter.com/tbiehn> | > LinkedIn<http://www.linkedin.com/in/travisbiehn>| > GitHub <http://github.com/tbiehn> | > TravisBiehn.com<http://www.travisbiehn.com> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
