RE: Winnt/Win2k Vuln ?

From: Red Pantz (redpantzat_private)
Date: Mon Aug 13 2001 - 06:30:09 PDT


    
    Jeremy, 
    
    This is not case specific. You can run (almost) any file of your choosing. And the file being executed runs only w/ the permissions that are already supplied for the user (so far ;) )
    
    > From: "Jeremy Rodriguez" <jrodriguez@intellinet-tech.com>
    > Cc: <vuln-devat_private>
    > Subject: RE: Winnt/Win2k Vuln ?
    > Date: Fri, 10 Aug 2001 14:33:03 -0400
    >
    >Regular users have read, read and execute permissions.
    >Is the significance, that the autoexec.bat can be altered and then run?
    >How is this possible without write permissions?
    >If one can alter it, then it could be exploited.
    >
    >-----Original Message-----
    >From: Mike Duncan [mailto:securityat_private]
    >Sent: Thursday, August 09, 2001 2:26 PM
    >To: Red Pantz
    >Cc: vuln-devat_private
    >Subject: Re: Winnt/Win2k Vuln ?
    >
    >
    >> - copy autoexec.bat to ..\desktop
    >> - rename autoexec.bat to www.google.com (can be any url)
    >> - then go to IE and type "www.google.com"
    >> - your batch file is then run
    >
    >Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). 
    >Actually IE tried to download the www.google.com file probably because of
    >the '.com' extension. I also went to START/RUN and typed in www.google.com
    >and it tried to run it too (actually giving me an error about it was not a
    >valid Win32 App).
    >
    >-- 
    >Mike Duncan
    >securityat_private
    >http://www.randomtask.net
    >
    >"This is what happens when parents make 
    >their kids play with dried up Play-Doh."
    >                              - Tim Mullen
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 08:52:08 PDT
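
A defender-side check for the condition described in this thread, as an added example that is not from the original posts: it scans a directory (for instance a user's desktop) for files whose names read like site addresses, and records whether the name ends in `.com` and whether the file carries an MZ executable header. The label list, the "three labels or leading www" heuristic and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: illustrative set of final labels a user might type as a site name.
TLD_LIKE = {"com", "net", "org", "edu", "gov"}
# ".com" is also a DOS executable extension, the coincidence noted in the thread.
EXECUTABLE_EXT = {"com"}
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})+$", re.IGNORECASE)


def looks_like_hostname(name):
    """True when a file name could be typed as a site address (e.g. www.google.com)."""
    if not HOSTNAME_RE.match(name):
        return False
    labels = name.lower().split(".")
    # Require three or more labels, or a leading "www", so ordinary name.ext
    # files such as command.com are not reported.
    return labels[-1] in TLD_LIKE and (len(labels) >= 3 or labels[0] == "www")


def has_mz_header(path):
    """True when the file starts with the "MZ" magic of a DOS/PE executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def scan_directory(root):
    """Return one finding per file under root whose name looks like a hostname."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not looks_like_hostname(name):
                continue
            path = os.path.join(dirpath, name)
            ext = name.lower().rsplit(".", 1)[-1]
            findings.append({"name": name, "path": path,
                             "exe_extension": ext in EXECUTABLE_EXT,
                             "mz_header": has_mz_header(path)})
    return findings


if __name__ == "__main__":
    # Constructed sample: a batch file renamed as in the thread, plus a benign file.
    with tempfile.TemporaryDirectory() as desktop:
        for fname, data in {"www.google.com": b"@echo off\r\n", "notes.txt": b"hi"}.items():
            with open(os.path.join(desktop, fname), "wb") as fh:
                fh.write(data)
        print(scan_directory(desktop))
```

A finding with `exe_extension` true and `mz_header` false matches the case in the thread: a script or text file carrying an executable-looking, address-like name.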