Re: Named Pipe Impersonation -> CreateProcessAsUser();

From: Blue Boar (BlueBoarat_private)
Date: Mon Jul 14 2003 - 13:13:54 PDT


    wirepair wrote:
    
    > Hello, I'm attempting to finish up my exploit for the @stake advisory,
    > I've hit quite a snag when I found out that calling a new process does
    > not inherit the privileges of the named pipe. (I must have been thinking
    > of fork() or something heh). So I can impersonate SYSTEM, but I can not
    > create a new process with these nice privileges.
    
    Can you tell if you end up with the TOKEN_ADJUST_PRIVILEGES priv?  If I 
    recall correctly (and I probably don't) child processes of system will have 
    that priv, but not have the other privs turned on.  You have to use 
    AdjustTokenPrivileges to get them.
    
    						BB
    


