[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Process Killing - Playing with PostThreadMessage

To: "Brett Moore" <brett.moore@security-assessment.com>
Subject: Re: [Full-Disclosure] Process Killing - Playing with PostThreadMessage
From: Georgi Guninski <guninski@guninski.com>
Date: Thu, 2 Oct 2003 13:30:22 +0300

On Thu, 2 Oct 2003 17:28:14 +1200
"Brett Moore" <brett.moore@security-assessment.com> wrote:

> 
> It appears from our testing that any thread running under any security
> level will accept a WM_QUIT message, causing the process to terminate.
> 

...

> While this does not have the security implications of 'privilege escalation'
> attacks, it may cause some concerns under certain circumstances.
> 

In some circumstances this probably may be used for privilege escalation.
In windoze a process may escalate its privileges if a more privileged process 
writes to its named pipes. So if you manage to kill a process which holds 
important named pipe, then create the same named pipe and then someone writes 
to your named pipe you may elevate your privileges.
You may check http://www.guninski.com/dr07.html for an old demo.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Process Killing - Playing with PostThreadMessage
  - From: "Brett Moore" <brett.moore@security-assessment.com>

Prev by Date: RE: [Full-Disclosure] FW: This beats me!!!
Next by Date: [Full-Disclosure] MSN appears to be being a bit snoopy via a Hotmail server...
Previous by thread: [Full-Disclosure] Process Killing - Playing with PostThreadMessage
Next by thread: [Full-Disclosure] FW: This beats me!!!
Index(es):
- Date
- Thread