Penetration Testing mailing list archives

Re: Pipeupsam Usage

From: Tamas Foldi <crow () kapu hu>
Date: Sun, 10 Jun 2001 12:07:21 +0200 (CEST)

On Fri, 8 Jun 2001, Adams, Mark wrote:

I am currently trying out pipeupsam.exe and pipeupadmin.exe on a W2K / IIS5
box.  It appears that both programs try to utilize the Clipbook service in
order to perform their respective actions, but they only work if I manually
start the service on the web server.  I have a remote netcat command shell
on the web server and am trying to elevate my rights using these tools, but
I am trying to figure out how I can do it.  If the Clipbook service is not
started then I get an error saying so and it hangs; if the Clipbook service
is started then I get an "Access Denied" message and it hangs.  Any ideas?


        An exploit has been relased recently on the hungarian security-l,
which can get SYSTEM privileges on Win2K AdvSrv (work with all sp). This
exploit based on Maceo's named pipe escalation attack method, but its more
usefull. I don't know if it is relased yet (or it is privite code).

        I use this exploit many times in many projects, and always workd
fine.

        If you really want, I can revise it.

Best Regards,
Tamas Foldi
Penetration Tester

. . _ __ ______________________________________________________ __ _ . .
Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
   crow () kapu hu - PGP: finger://crow () thot banki hu - (+3630) 221-7477

Current thread:

Pipeupsam Usage Adams, Mark (Jun 08)
- Re: Pipeupsam Usage Todd Willey (Jun 08)
- Re: Pipeupsam Usage Tamas Foldi (Jun 10)
- <Possible follow-ups>
- RE: Pipeupsam Usage Lucyga, Dierk - Munich (Jun 28)