
RE: Re: Microsoft RDP Priv. Escalation

Subject: RE: Re: Microsoft RDP Priv. Escalation
Date: Tue, 15 Apr 2008 07:35:28 -0700
So, let me see if I get this right:

You're "unsure" of what the admin may or may not have done regarding
permissions or rights, yet you have no problem with publishing a
"vulnerability in the rdp protocol" touting "privilege escalation"
complete with a trite photo of Bill Gates "praying?"  

You are in fact, and by your own admission, "guessing" about what type
of account is used??  This is simply ridiculous. 

Sir, may I suggest in the future that you use these forums to first
"learn" what you need to know before immediately posting and publishing
"vulnerability" information regarding technologies that you obviously
don't understand.  It's not just that you embarrass yourself, but more
importantly, this type of irresponsible posting only serves to distract
and confuse those who may trust that you are qualified to advise them of
RDP security issues.  Did you even bother sending off a note to
secure@microsoft first?  

For those of you following along, here's all you have to do to test
this: Log on to the RDP host and set "deny rx" on notepad.exe.  Using
MSTSC, select "start program on connect" and use, say, calc.exe.  Log on
- you'll see "calc" run.  Perfect.  Now do the same thing but use
"notepad.exe" instead, then log on again - oops!  "Access denied."  You
can also just save the .rdp file and edit "alternate shell," but it will
do the same thing.

Improperly deployed/secured Terminal Services/Remote Desktop solutions
can indeed introduce serious security issues into your infrastructure.
That's why it is important to do your research before deploying them.
But as a researcher dispensing information on security, it is even more
important for you to perform your technical due diligence in a
professional manner before posting vulnerabilities based on things you
are "unsure" of or "guessing" about.  Sorry to sound rude, but things
are hard enough already without adding more FUD. 

t

-----------
Check out Tim Mullen's "Microsoft Ninjitsu" training at Blackhat Vegas
2008! 
There are also some other great NGS classes available led by
world-class researchers and trainers.
http://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-tm-ms-bbe.html





-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Yousif@Vapt-Sec.com
Sent: Sunday, April 13, 2008 9:06 AM
To: pen-test@securityfocus.com
Subject: Re: Re: Microsoft RDP Priv. Escalation

Memet - Alright, how the admin went about disabling access to that
file, I'm unsure, my guess is, I was using a very limited user account,
and limited meaning, the way Windows limits "those" kind of accounts.
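
Added example, not part of the original thread: the test in the reply above turns on which program a saved .rdp file asks the host to start ("alternate shell"), a request the host's file permissions then allow or deny. The Python below parses .rdp content and reports that request so an administrator knows which server-side binary's ACL to check; the sample file contents and host name are constructed, and the UTF-16 handling is an assumption about how mstsc saves these files.

```python
import codecs

# Constructed sample: what a saved .rdp file with a start program looks like.
SAMPLE_TEXT = (
    "screen mode id:i:2\r\n"
    "full address:s:rdphost.example\r\n"
    "alternate shell:s:C:\\Windows\\System32\\notepad.exe\r\n"
    "shell working directory:s:C:\\Windows\\System32\r\n"
)
SAMPLE = codecs.BOM_UTF16_LE + SAMPLE_TEXT.encode("utf-16-le")


def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes: UTF-16 with BOM (assumed mstsc default) or UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")          # codec consumes the BOM
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    return raw.decode("utf-8", errors="replace")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; type 'i' is integer, 's' is string."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)   # value may contain ':' (C:\...)
        if len(parts) != 3:
            continue
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue                     # malformed integer: skip line
        settings[name] = value
    return settings


def requested_program(raw: bytes):
    """Return the start program the file asks for, or None if it asks for none."""
    settings = parse_rdp(raw)
    shell = str(settings.get("alternate shell", "")).strip()
    if not shell:
        return None
    return {"program": shell,
            "working_dir": str(settings.get("shell working directory", ""))}


if __name__ == "__main__":
    print(requested_program(SAMPLE))
```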
