Yes you can and it is a weak security system

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #133,428

Picture of orion

1/3/04 8:10:23 PM

Yes you can and it is a weak security system

that allows it. If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access. Any program you open from that CLI will get run with Admin access inculding NET.EXE, horror of horrors!

Users can bypass the program install block by installing certain software to their Documents directory which has write access. A real secure system wouldn't even let them run the install program. Some programs check for Admin rights before installing, but some like OOo does not. It is up to the install program to check for access rights before installing.

If the user has access to the Notepad or Wordpad, they can give themselves access to almost anything. Usually by "Viewing Source" in IE, they get a Notepad program, even if their policies and rights disable it. All they do is clear out the HTML source and write in a batch file and save it somewhere writable, like their start menu or documents folder. Then click on it. Create a command to add CMD.EXE to the scheduler, and they can get Admin access or whatever the system runs those programs as.

Also IIS and other programs run as certain users and have a certain level of access that the logged in user may not have. So an ASP web page can be used to write to a file or database, when the user cannot, via IIS.

"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

Post #133,451

Picture of pwhysall

1/3/04 11:54:08 PM

Re: Yes you can and it is a weak security system

If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access.

Wrong. The CMD.EXE process will be run as the user that started it, and security will work accordingly.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]

NET SEND to all except a few systems? - (SpiceWare) - (42) - Dec. 5, 2003, 04:08:12 PM EST

Send to group -NT - (Silverlock) - Dec. 5, 2003, 04:30:20 PM EST

If you send not to machine names, but... - (CRConrad) - (6) - Dec. 7, 2003, 03:50:29 PM EST

Re: If you send not to machine names, but... - (deSitter) - (5) - Dec. 7, 2003, 04:08:32 PM EST

"Messenger" != "NET SEND" ? - (CRConrad) - (4) - Dec. 7, 2003, 06:48:13 PM EST

NET SEND Help - (orion) - Dec. 7, 2003, 08:13:06 PM EST

Re: "Messenger" != "NET SEND" ? - (deSitter) - (2) - Dec. 7, 2003, 09:38:51 PM EST

Alternatively... - (pwhysall) - Dec. 8, 2003, 03:11:38 AM EST

So if Darrell's gang use W2K or later, they could try my way -NT - (CRConrad) - Dec. 8, 2003, 03:18:19 AM EST

update - (SpiceWare) - Dec. 8, 2003, 10:00:34 AM EST

Re: NET SEND to all except a few systems? - (qstephens) - (32) - Jan. 1, 2004, 10:30:25 AM EST

ROFL - (deSitter) - (31) - Jan. 1, 2004, 11:47:06 AM EST

It inspires me - (orion) - (30) - Jan. 1, 2004, 11:50:45 AM EST

Re: It inspires me - (deSitter) - (22) - Jan. 1, 2004, 12:11:51 PM EST

On this we agree - (orion) - Jan. 1, 2004, 03:23:51 PM EST

Windows has no user context? - (Arkadiy) - (20) - Jan. 2, 2004, 06:38:33 PM EST

process-level user context - (deSitter) - (19) - Jan. 2, 2004, 07:53:05 PM EST

I am still at a loss as to what you mean -NT - (Arkadiy) - (18) - Jan. 2, 2004, 10:22:02 PM EST

A login is a profile - (orion) - Jan. 2, 2004, 11:36:02 PM EST

Re: I am still at a loss as to what you mean - (deSitter) - (16) - Jan. 3, 2004, 12:02:12 AM EST

You're much mistaken - (Arkadiy) - (15) - Jan. 3, 2004, 04:05:28 PM EST

Can you be logged in as two people at once? - (ben_tilly) - (7) - Jan. 3, 2004, 05:09:19 PM EST

Not log in, no. - (admin) - (3) - Jan. 3, 2004, 05:13:05 PM EST

I'll tuck that away in case I ever need it -NT - (ben_tilly) - Jan. 3, 2004, 07:33:08 PM EST

Yes you can and it is a weak security system - (orion) - (1) - Jan. 3, 2004, 08:10:23 PM EST

Re: Yes you can and it is a weak security system - (pwhysall) - Jan. 3, 2004, 11:54:08 PM EST

Certainly - (Arkadiy) - (2) - Jan. 4, 2004, 12:10:45 PM EST

Re: Certainly - (deSitter) - (1) - Jan. 4, 2004, 12:57:05 PM EST

You keep hearing yourself, not me - (Arkadiy) - Jan. 4, 2004, 08:35:49 PM EST

Re: You're much mistaken - (deSitter) - (6) - Jan. 3, 2004, 09:28:42 PM EST

What does hiererchy of processes have to do with it? - (Arkadiy) - (5) - Jan. 4, 2004, 12:14:02 PM EST

Re: What does hiererchy of processes have to do with it? - (deSitter) - (4) - Jan. 4, 2004, 12:54:51 PM EST

I am not sure what NT_AUTHORITY is - (Arkadiy) - (3) - Jan. 4, 2004, 08:42:31 PM EST

Except: - (FuManChu) - (2) - Jan. 5, 2004, 01:55:07 AM EST

RIght you are -NT - (Arkadiy) - Jan. 5, 2004, 07:18:30 AM EST

Bottom line - (pwhysall) - Jan. 5, 2004, 07:20:06 AM EST

Careful there . . - (Andrew Grygus) - (5) - Jan. 1, 2004, 12:31:49 PM EST

Does it really? - (ben_tilly) - (3) - Jan. 1, 2004, 01:53:29 PM EST

I don't remember all the details . . . - (Andrew Grygus) - (2) - Jan. 1, 2004, 02:23:54 PM EST

The licenses are more forgiving than you think - (ben_tilly) - (1) - Jan. 1, 2004, 02:48:58 PM EST

Really interesting issue - (orion) - Jan. 1, 2004, 03:27:39 PM EST

Bah! I'll make it freeware then. - (orion) - Jan. 1, 2004, 02:07:29 PM EST

that's what I did - (SpiceWare) - Jan. 2, 2004, 12:36:33 PM EST

Don't be too quick to award him the prize. It's only Thursday.
52 ms