Penetration Testing mailing list archives

Re: privilege escalation techniques


From: BSK <bishan4u () yahoo co uk>
Date: Thu, 20 Jan 2005 11:13:02 +0000 (GMT)

That's really strange. It works in WinXP. Perhaps there was a change in functionality (for bad!) from Win2K to XP?
The only possibility I can imagine is either:
a) something blocks launching interactive programs before logon in 2K, but not in XP
b) 2K is checking that sethc.exe is valid before launching it, and XP is not doing that check (I don't really think that this is the case, but...)

Do you have any XP box to test? I'll try to get hold of a 2K as well.

I couldn't try on an XP box, but tried on a Windows 2000 Server. It behaves very differently here, after the replacement of sethc.exe with cmd.exe:
1. Before logging in, pressing 'shift' 5 times invokes sethc.exe, but the original one, which in fact doesn't exist in the system32 directory, at least with the same name. I think Windows regenerated that file but with some other name.
2. If I press 'shift' 5 times after logging in, nothing appears, neither the original sethc.exe nor the replaced sethc.exe.

Any clues?


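As an added defender-side check (not part of this thread, and not from either poster), the PowerShell below tells a swapped-in sethc.exe from the genuine one on a current Windows host. It assumes cmdlets that did not exist on the Windows 2000/XP machines discussed above (Get-AuthenticodeSignature, Get-FileHash, both present on Windows 8 and later), the default System32 path, and that Get-AuthenticodeSignature honours catalog signatures for OS binaries; the "Microsoft" subject match is a deliberately loose heuristic.

```powershell
# Added example: verify that the accessibility binary launched from the
# logon screen (sethc.exe, the file discussed in the thread) is still the
# signed Microsoft original and not a renamed copy of cmd.exe.
# Assumptions: current Windows (8+), run as Administrator, default paths.

function Test-StickyKeysBinary {
    param(
        [string] $Name = 'sethc.exe',
        [string] $System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $path = Join-Path $System32 $Name
    if (-not (Test-Path $path)) {
        Write-Warning "$path is missing"
        return $null
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $info = (Get-Item $path).VersionInfo
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash

    # Two independent signals:
    #  1. the file must carry a valid signature from a Microsoft certificate
    #     (a raw copy of cmd.exe is also Microsoft-signed, so this alone
    #     is not enough)
    #  2. the embedded OriginalFilename must match the on-disk name;
    #     a renamed cmd.exe still reports "Cmd.Exe" in its version resource
    $signedByMs  = ($sig.Status -eq 'Valid') -and
                   ($null -ne $sig.SignerCertificate) -and
                   ($sig.SignerCertificate.Subject -match 'Microsoft')
    $nameMatches = [bool]$info.OriginalFilename -and
                   ($info.OriginalFilename -ieq $Name)

    [pscustomobject]@{
        File             = $Name
        Path             = $path
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        OriginalFilename = $info.OriginalFilename
        SHA256           = $hash          # record it for comparison against a known-good baseline
        LooksOriginal    = $signedByMs -and $nameMatches
    }
}

# Usage: a LooksOriginal of $false (or OriginalFilename = Cmd.Exe) is worth
# an incident ticket; the SHA256 can be diffed against a clean reference host.
Test-StickyKeysBinary | Format-List
```

The OriginalFilename check is the one that actually catches the replacement described in the thread, because a copied cmd.exe passes a signature check just as well as the real sethc.exe does; keeping a SHA256 baseline from a known-clean build of the same OS version closes the remaining gap.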

