On Wed, 2003-07-09 at 02:32, ph1zzle wrote: > On Tue, 2003-07-08 at 13:08, Bernie Cosell wrote: > > I've been wondering: are there exploits/vulnerabilities that can burrow > > into a system through a limited account on XP? I've tried playing around > > a little bit [but I'm really not very much of an XP-hacker] and it sure > > seems hard to get a toehold on the system from my limited account. With > > the entire system drive essentially read-only, and with its not being > > able to mess with ADMIN or SYSTEM processes, I wonder just how vulnerable > > XP is... [for example, I"ve been tempted (but too chicken) to try > > intentionally infecting myself with one or another of the email-borne > > viruses just to see how far they could penetrate into my system]. > > > > /Bernie\ > > Well bernnie, I am not a xp person myself, in fact I am a linux and > openbsd person but here is what I can tell you about what I do know > about Windos XP. The system is a multiuser system with privledge > seperation. this means that unless one (stupid) e-mail viruses includes > exploit code targeted towards windows xp, it will only infect with the > credentials given to the user who was infected and there for will only > be able to damage the user who ran it. So you being chicken saved you > from destroying your own data and not affecting the rest of the system. > Now I do believe there are some exploits out there that do take > advantage of the system in such a way that you can escalate privledges, > but since I havn't used a windows machine since 2k first came out, I > don't know what any of these are. So since it sounds appearent you are > not a programmer, or at least not a exploit programmer, so if you are > truly determined to get in, I suggest you use code that someone who > knows what they are doing has wrote. try packetstormsecurity[dot]org or > hack[dot]co[dot]za. oh and "keeep reaching for that rainbow" (<- heh, > simpsons). > > --ph1zzle > "lea eax, [ebp + 4]"
This archive was generated by hypermail 2b30 : Fri Jul 11 2003 - 16:40:19 PDT