On Fri, 8 Jun 2001, Adams, Mark wrote: > I am currently trying out pipeupsam.exe and pipeupadmin.exe on a W2K / IIS5 > box. It appears that both programs try to utilize the Clipbook service in > order to perform their respective actions, but they only work if I manually > start the service on the web server. I have a remote netcat command shell > on the web server and am trying to elevate my rights using these tools, but > I am trying to figure out how I can do it. If the Clipbook service is not > started then I get an error saying so and it hangs; if the Clipbook service > is started then I get an "Access Denied" message and it hangs. Any ideas? An exploit has been relased recently on the hungarian security-l, which can get SYSTEM privileges on Win2K AdvSrv (work with all sp). This exploit based on Maceo's named pipe escalation attack method, but its more usefull. I don't know if it is relased yet (or it is privite code). I use this exploit many times in many projects, and always workd fine. If you really want, I can revise it. Best Regards, Tamas Foldi Penetration Tester . . _ __ ______________________________________________________ __ _ . . Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant crowat_private - PGP: finger://crowat_private - (+3630) 221-7477
This archive was generated by hypermail 2b30 : Sun Jun 10 2001 - 08:14:40 PDT