From: Steve Syfuhs [st...@syfuhs.net]
Sent: 26 September 2011 19:09
To: Madhur Ahuja; security-bas...@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Privilege escalation on Windows using
Binary Planting
Well yeah, if the system that's designed to protect
...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Privilege escalation on Windows using Binary Planting
Imagine a situation where I have a Windows system with the restricted user
access and want to get the Administrator access.
There are many services in Windows
-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Privilege escalation on Windows using Binary
Planting
Well yeah, if the system that's designed to protect you isn't functioning, then
you aren't protected and all sorts of bad things can happen.
When services start up, the root service
Imagine a situation where I have a Windows system with the restricted user
access and want to get the Administrator access.
There are many services in Windows which run with SYSTEM account.
If there exists even one such service whose executable is not protected by
Windows File Protection, isn't
I haven't sent this email without doing a Proof of concept. It actually works
with *Google Update Service*.
The restricted user can replace GoogleUpdate.exe to execute malicious code.
This service is installed by any Google component such as Picasa, Google
Talk, etc.
Hrmm that sounds a bit too good to be true :P
I'd love to see what it involves... i.e., the PoC... and, I don't use
googleupdate, so, why would this affect non-Chrome users... I dunno... still
seems like not enough there to convince me yet, sorry.
xd
On 26 September 2011 11:18, Madhur Ahuja
I agree. I am only talking of the scenario where this service is
pre-installed.
On Monday, September 26, 2011, Thor (Hammer of God) wrote:
You'd have to be admin to install as a service, and the service would
obviously need to then be running as local system to be of benefit (beyond
what a
I agree. I am only talking of the scenario where this service is
pre-installed.
But before it was all about 3rd party addons which run as a service... it is
not happening, I can tell you this from many yrs of exp with Windows, it won't
happen.
MS will not rewrite SDKs, DDKs, its whole stdafx/msdn