Re: Re: Microsoft RDP Priv. Escalation

From: Yousif@Vapt-Sec.com
Date: Tue Apr 08 2008 - 22:39:59 EDT

Next message: markus sesser: "Re: Tool or Scirpt for DHCP Pool Exhaust Attack"
Previous message: David Howe: "Re: Certificate store"
Maybe in reply to: Memet Anwar: "Re: Microsoft RDP Priv. Escalation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Mark Owen - Say for example you've downloaded an executable on a computer that you have access to. Also, say the account you have access to WILL NOT allow you to run THAT executable. With the "alternateshell" option, you COULD run that executable. CMD.EXE Was simply an example as it is commonly disabled on typical user accounts.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Next message: markus sesser: "Re: Tool or Scirpt for DHCP Pool Exhaust Attack"
Previous message: David Howe: "Re: Certificate store"
Maybe in reply to: Memet Anwar: "Re: Microsoft RDP Priv. Escalation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:30 EDT