Vulnerability Development: Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works"

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works"

From: Matt Conover <shok () CAMEL ETHEREAL NET>
Date: Thu, 3 Aug 2000 08:12:10 -0700

I have a follow up message that I'm still waiting to go through, but
yes.  I verified with some people here that you can only impersonate a
client with an account on the machine (these can be through the
domain--i.e., if you look at your user manager and you're in the domain,
you'll see things like DOMAINNAME\username.  If they aren't in the list of
users, you can't impersonate them--there are *no* exceptions to this.

Matt

By Date By Thread

Current thread:

ImpersonateNamedPipeClient() vulnerabilities Mikael Olsson (Aug 02)
- Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works" Matt Conover (Aug 03)
  - Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works" Mikael Olsson (Aug 03)
    - Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works" Matt Conover (Aug 03)
  - Re: "How Named Pipe Security Works" (update) Matt Conover (Aug 03)
  - Re: ImpersonateNamedPipeClient -- "How Named Pipe Security Works" Marc (Aug 03)
    - Re: ImpersonateNamedPipeClient Matt Conover (Aug 03)