wirepair wrote: > Hello, I'm attempting to finish up my exploit for the @stake advisory, > i've hit quite a snag when i found out that calling a new process does > not inherit the privileges of the named pipe. (I must have been thinking > of fork() or something heh). So I can impersonate SYSTEM, but I can not > create a new process with these nice privileges. Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv? If I recall correctly (and I probably don't) child processes of system will have that prive, but not have the other privs turned on. You have to use AdjustTokenPrivileges to get them. BB
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 14:33:36 PDT