DebPloit + ie + passive connecting to attacker?

From: -l0rt- (simonat_private)
Date: Fri Mar 29 2002 - 14:17:24 PST


    All,
            I have been monitoring all of the talks about the recent
    "Silent delivery and installation of an executable on a target
    computer" for Outlook and IE. I also noticed DebPloit which works as
    described:
    
    "
      DebPloit allows Everyone to get handle to Any process or thread.
      Handles have enough access to promote everyone to system/admin (in
      the case Target is running under LocalSystem, Administrator account).
    
    
      Works on: Any MS Windows NT 4.0, Windows 2000 (SPs before Mar-12-2002).
                Former NTs weren't tested.
     "
    
    
    and can be found at:
    http://www.anticracking.sk/EliCZ/bugs/DebPloit.zip
    
    Now... what if someone decided to do a little bit of mixing here...
    
    
    IE or Outlook issue + DebPloit + connect_to_ip.exe
    
    So if this works, in theory, passive connection from a desktop on the LAN
    back to the attacker with a shell bound to it that has administrator
    rights?   mmmm
    
    
    
    -l0rt-
    
    http://www.snosoft.com
    ---------------------------------------------------------------------
    That file you've been guarding, isn't.
    ---------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Mar 29 2002 - 20:31:14 PST