gwion | wild colonial boy | Premium, ExMod 2001-08
reply to Steve
Re: Analysis of Backstealth technology
Well, trying to run this as "user" in my NT setup kills it instantly... just plain dies the minute I press the go button. I saw a few log entries "denied" referring to it... and some attempted accesses contemporaneous with the test that are unusual ... some service controller and token stuff, but I'm not looking at it, right now, so that's my best comment, for now.
Haven't had a chance to review them all... but something in that configuration is murder on this exploit. I wish I could put my finger on what it is...
Probably immaterial, though, since most win users are reticent about running as admin full time, anyhow... defeating any real advantage that NT family security provides pretty much entirely. Which was why I took it to a junker and ran it as admin to start off, figuring that would be the way 80% of users will be running... and, of course, that 9x users have no choice at all in the matter ...
Forget and forgive. This is not difficult, when properly understood. It means you are to forget inconvenient duties, and forgive yourself for forgetting. In time, by rigid practice and stern determination, it comes easy.
- Mark Twain
[text was edited by author 2002-05-02 14:48:10]
Steve | I know your IP address | Consultant
Yorba Linda, CA
said by gwion:
Well, trying to run this as "user" in my NT setup kills it instantly...

Most likely the process is not able to acquire the seDebugPrivilege right. Run the program in a cmd window and there should be debugging information to the console.
Stephen J. Friedl | Security Consultant | Tustin, California USA | www.unixwiz.net