Vulnerability Development mailing list archives
Re: the microsoft hack & windows 2000
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 31 Oct 2000 15:21:40 +0800
At 02:13 AM 30-10-2000 -0500, Masial wrote:
> while having absolutely no rights on the source safe servers. Is it possible that Windows2000 will bring new shades in accounts hacking? How do you get out of a partial-admin account? Where can you elevate your privileges?
Just get the correct passwords? W2K has IE. And IE has the autocomplete flaw for passwords. You can also sniff or keylog.

All you need to do is to write a custom trojan, test it on the publicly available antivirus stuff out there, making sure it passes. Then figure out a way of delivering it to the target site. I'm sure there are many ways; Microsoft has conveniently provided many of them. Microsoft Lookout/Lookout Express come to mind.

For communications the trojan just has to make outbound http connections, utilizing the default internet proxy settings, and proxy passwords from the autocomplete cache (or sniff for the passwords first if necessary). The worm could then download further instructions/modules from 3rd party guestbooks, web accessible USENET news archives or mailing list archives.

A bit of work to do it, but it doesn't look impossible.

Cheerio,
Link.
Current thread:
- the microsoft hack & windows 2000 Masial (Oct 31)
- Re: the microsoft hack & windows 2000 Lincoln Yeoh (Nov 01)
- <Possible follow-ups>
- Re: the microsoft hack & windows 2000 Elliott Abraham (Nov 01)