> Looking at the description of the IWAM_machinename account on my system, it > is listed as the "Launch Process Account". IWAM has *no* privileges other > than those explicitly granted to Guests, Users, or Everyone.
Open usermanager go to groups look in your MTS Trusted group, what do you see there? IWAM is used to access databases, it's got more than guest. If you can run an application and you have a command line to \system32 and you are a network enabled account (like IWAM) then you are just a few steps from downloading and running any code you want. (I wonder if Brett could try running tftp for us) This isn't limited, just because Brett Moore stopped with C:\WINNT\system32>whoami IWAM_BLACKHOLE doesn't mean Marc from eeye wouldn't have turned this into an automated rooter. The potential is most certainly there, you've got execute, you've got network access, game over. Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
