Re: How vulnerable is a "Limited" account on XP?

From: ph1zzle (ph1zzleat_private)
Date: Tue Jul 08 2003 - 23:33:40 PDT

    On Wed, 2003-07-09 at 02:32, ph1zzle wrote:
    > On Tue, 2003-07-08 at 13:08, Bernie Cosell wrote:
    > > I've been wondering: are there exploits/vulnerabilities that can burrow 
    > > into a system through a limited account on XP?  I've tried playing around 
    > > a little bit [but I'm really not very much of an XP-hacker] and it sure 
    > > seems hard to get a toehold on the system from my limited account.  With 
    > > the entire system drive essentially read-only, and with its not being 
    > > able to mess with ADMIN or SYSTEM processes, I wonder just how vulnerable 
    > > XP is...  [for example, I've been tempted (but too chicken) to try 
    > > intentionally infecting myself with one or another of the email-borne 
    > > viruses just to see how far they could penetrate into my system].
    > > 
    > >   /Bernie\
    > 
    > Well Bernie, I am not an XP person myself, in fact I am a Linux and
    > OpenBSD person, but here is what I can tell you about what I do know
    > about Windows XP. The system is a multiuser system with privilege
    > separation. This means that unless one (stupid) e-mail virus includes
    > exploit code targeted towards Windows XP, it will only infect with the
    > credentials given to the user who was infected and therefore will only
    > be able to damage the user who ran it. So you being chicken saved you
    > from destroying your own data and not affecting the rest of the system.
    > Now I do believe there are some exploits out there that do take
    > advantage of the system in such a way that you can escalate privileges,
    > but since I haven't used a Windows machine since 2k first came out, I
    > don't know what any of these are. So since it sounds apparent you are
    > not a programmer, or at least not an exploit programmer, so if you are
    > truly determined to get in, I suggest you use code that someone who
    > knows what they are doing has written. Try packetstormsecurity[dot]org or
    > hack[dot]co[dot]za. Oh, and "keep reaching for that rainbow" (<- heh,
    > Simpsons).
    > 
    > --ph1zzle
    > "lea 	eax, [ebp + 4]"
    



    This archive was generated by hypermail 2b30 : Fri Jul 11 2003 - 16:40:19 PDT