Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030
From: Jeff Peadro <jeff.peadro () gmail com>
Date: Fri, 12 Aug 2005 09:49:43 -0500
Updated to add additional version & exploit details.  Reps to Crime Dog

Vulnerable Versions:
Nortel Contivity VPN Client V05_01.100

Patches/Workarounds:
Good question

Exploit:

1. With the Contivity client open click go into "Group
Authentication Options"

2. Select "Challenge Response Token" options.

3. Click on the "Software Token Directory" browse button.

4. Change Files of type: to All Files, navigate to the system32
directory and locate cmd.exe. Right click cmd.exe and choose Open.

The result is a command prompt running under the context of the
LocalSystem account.

Discovered by Crime Dog thecrimedog[at]sbcglobal[dot]net

  By Date           By Thread  

Current thread:
  • FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030 Jeff Peadro (Aug 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]