Page 1 of 1
Win 2k/NT Security Hole
Posted: Fri Mar 29, 2002 10:52 pm
by DesertFox
Hey, I was just out reading news, and came across this:
http://www.extremetech.com/article/0,3396,s=201&a=24754,00.asp
Thought i would give you the heads up if you find that interesting.
Posted: Sat Mar 30, 2002 12:18 am
by greEd
Yes I heard about this earlier today ... I haven't done much with it yet but it looks interesting. Code has also been released for the exploit, I upped it to my server if you want to check it out:
http://www.computerglitch.net/node.php?id=3 "debploit" under Misc. Security.
To test your system for this vulnerability:
1. Download DebPloit.zip and unzip it to the directory on your hard drive.
2. Logoff and login again using Guest (or any other non-administrative
account) account.
3. Run ERunAsX.exe from the command line and specify a program you wish to
execute under the SYSTEM account (e.g. "ERunAsX.exe cmd").
4. Your program now runs under the SYSTEM account and you can do everything
(e.g. create new user with an administrative privileges) on the local
computer.
regards,
greEd
Posted: Sat Mar 30, 2002 8:43 am
by JackHamma96
I always knew that but I thought I had configured Win2k wrong
