Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Microsoft RDP Priv. Escalation
From: Memet Anwar <mmta.gm () gmail com>
Date: Thu, 10 Apr 2008 02:36:03 +0700
Yousif () Vapt-Sec com wrote:

.RDP connection file. The cmd.exe thing is simply an example. Other
applications that wouldn't normally execute can be executed with this
as well. The escalation is the ability to run applications you
shouldn't be able to with such an account. It's under the privileges
of the user, but the idea is, those privileges don't allow you to
execute certain programs. Through that, you can.


As Thor said, "Exactly how were they disabled?", how the admin configure
the system to block access to cmd.exe? By configuring an RDP file to use
a specific shell?

If the admin said he's *actually trying* to block user's access to
cmd.exe (or whatever file you can access), then whatever he's using now
is not effective. The bug then is in the admin way of thinking, not on RDP.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]