4. What are we here for?
• Different scenarios leading to privilege escalation
• Design issues, implementation flaws, untimely system updates, permission issues, etc.
• We ain’t talking about overflows here, just logic and techniques
5. What flavours are we looking at?
• Windows XP
• Windows 7
• Windows 2003
6. Two Types of Escalation
• Admin to System
– Easy, not much effort needed
• User to System
– This is where the real deal lies
7. Admin to System (Piece of Cake)
• The famous “at” command
• “psexec”, anyone?
14. Creds in Files
• C:\users\victim\Desktop\password.xls
• C:\>dir /b /s web.config
• C:\>dir /b /s unattend.xml
• C:\>dir /b /s sysprep.inf
• C:\>dir /b /s sysprep.xml
• C:\>dir /b /s *pass*
• The registry is also a good place to have a look at
17. Abusing Service misconfigurations
• Possible attack vectors?
– Editing the service config
– Editing the binary path
Today's Discussion
– Unquoted service path vulnerability
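An added audit sketch for the unquoted service path issue named above (not from the original slides): it flags service ImagePath values that are unquoted and contain spaces, and lists the intermediate locations whose permissions an administrator should review. The service names and paths are constructed samples; on a real host the values would be read from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.

```python
import re

# Constructed sample ImagePath values (not taken from a real host).
SAMPLE_SERVICES = {
    "GoodQuoted": r'"C:\Program Files\Vendor App\svc.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "BadUnquoted": r"C:\Program Files\Vendor App\bin\svc.exe -run",
    "DriverStyle": r"\SystemRoot\System32\drivers\example.sys",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Return the unquoted executable path without arguments, else None."""
    path = image_path.strip()
    if path.startswith('"'):
        return None  # quoted paths are parsed unambiguously by Windows
    match = EXE_RE.match(path)
    return match.group(1) if match else None


def ambiguous_candidates(image_path):
    """List the paths Windows may resolve before the intended binary.

    For an unquoted path, each space is a possible end of the file name,
    so every prefix up to a space (plus ".exe") is a location that must
    not be writable by non-administrators.
    """
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map each flagged service name to the locations that need review."""
    findings = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"{name}: quote the ImagePath; review permissions on {paths}")
```

The fix for a flagged service is to wrap the executable path in double quotes in its ImagePath value.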
23. Editing Service Binaries
• What are service binaries?
• How do we exploit them?
• Let's exploit upnphost of the Windows system, a default service that runs