Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Roy Schestowitz Lies Again] Windows Permits Anyone to Become an Administrator (was: [News] Windows Permits Anyone to Become an Administrator)

  • Subject: Re: [Roy Schestowitz Lies Again] Windows Permits Anyone to Become an Administrator (was: [News] Windows Permits Anyone to Become an Administrator)
  • From: ed <ed@xxxxxxxxxxx>
  • Date: Sat, 23 Sep 2006 12:21:40 GMT
  • Newsgroups: comp.os.linux.advocacy
  • Organization: NTL
  • References: <3403397.VrdnS3GvbK@schestowitz.com> <s7b2alqjv2q2$.dlg@funkenbusch.com>
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1158928
On Fri, 22 Sep 2006 15:51:05 -0500
Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Subject: Re: [Roy Schestowitz Lies Again] Windows Permits Anyone to
> Become an Administrator (was: [News] Windows Permits Anyone to Become
> an Administrator) Date: Fri, 22 Sep 2006 15:51:05 -0500
> User-Agent: 40tude_Dialog/2.0.15.1
> 
> On Fri, 22 Sep 2006 21:16:43 +0100, Roy Schestowitz wrote:
> 
> > Windows XP Privilege Escalation Exploit
> > 
> > ,----[ Quote ]
> >| Running A Desktop With Full System Privileges
> >| 
> >| A tutorial on how to trick Windows XP into giving you system privs.
> >
> > `----
> > 
> > http://passivemode.net/updates/2006/6/5/windows-xp-privilege-escalation-exploit.html
> > 
> > No need to even depart from La-la Land. No buffer overflows; no
> > physical intervention; no social engineering. Proof that the
> > operating system is a toy.
> 
> Wrong, Roy.  Again.  Physical access to the console is required.  This
> will not work remotely because the /interactive switch only allows it
> to interact with the default desktop.
> 
> Second, You have to be an administrator already, or been given the
> rights to create at jobs deliberately.  As such, either way, you have
> to have Administrator in order to do this.  If you have Administrator
> rights, you can do anything you want anyways with a little work.
> 
> It's equivelent to a root exploit on Linux in which bash is setuid
> root. You have to be root to setuid root in the first place, so it's
> hardly a real exploit.

Where exactly is Roy wrong, he does not say that it's remote (or local
to that matter), this is a novelty news item... It's not a freaking
essay.

Get or enjoy life... either way, when you present material that's
superior in the news category then you can criticise Roys...

FWIW, I don't think the 'at' command runs as root does it?

-- 
Regards, Ed                      :: http://www.openbsdhacker.com
just another c++ hacker
Approximately 13.7 billion years ago Mr. T pitied his own gold 
chains. The resulting chaos caused the Universe to collapse on itself 
triggering the Big Bang.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index