Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: RE: Microsoft RDP Priv. Escalation
From: Yousif () Vapt-Sec com
Date: 9 Apr 2008 03:04:13 -0000
Thor - Did you consider trying this out or did you merely read? Uploading .RDP files for direct access via the web is 
obviously wrong, but that's beyond the point of this entire insecurity, and you my friend are not comprehending it. The 
information about the insecurity isn't illegal as I did not use valid information from any .RDP connection file. The 
cmd.exe thing is simply an example. Other applications that wouldn't normally execute can be executed with this as 
well. The escalation is the ability to run applications you shouldn't be able to with such an account. It's under the 
privileges of the user, but the idea is, those privileges don't allow you to execute certain programs. Through that, 
you can.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]