Tuesday, September 26

Gain System Privilege in Windows?

Gea-Suan Lin quoted Bruce Schneier's blog, which pointed to an article describing how to get System privilege:
On many machines this can be exploited even with the guest account.
And Gea-Suan Lin's blog is named "I love Microsoft". They all think Microsoft is so bad at security.

But that is not true. I tried a guest account on my computer but failed to get System privilege. Then I tried a user account and failed again. Finally I tried an administrator account, and successfully got the so-called System privilege. If an intruder has an administrator account, he can do anything he wants; he doesn't need to "steal" the System account.

The method the article introduced is to add a task to the schedule:
at 15:15 /interactive "cmd.exe"
Then when the task "cmd.exe" runs, a new command prompt window with System privilege is created, and from this window you can execute commands with System privilege. This works because the Task Scheduler service itself runs as LocalSystem, so any job it launches inherits that account.

The problem is: without administrator (or higher) privilege, no one can add a new task to the schedule.
(Please read the second comment below.)
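The test the post describes, written out as an added PowerShell example (this is not code from the original post or from the article it discusses). It checks whether the caller's token is in the local Administrators group, asks at.exe to schedule a job that records the account it runs under, and reads the result back. The log file name, the one-minute delay and the 90-second wait are my own choices. It assumes a pre-Vista Windows (2000/XP/2003) with PowerShell installed and the Task Scheduler service running; on Vista and later, services live in session 0, so the /interactive switch no longer puts a window on the user's desktop, at.exe was later deprecated in favor of schtasks.exe, and a member of Administrators running without UAC elevation is refused just like a plain user.

```powershell
# Added example: reproduce the author's test of the "at" System-privilege trick.
# Assumptions: Windows 2000/XP/2003, at.exe present, Task Scheduler service running.
# The log path, the timing and the cleanup are illustrative choices, not from the post.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Caller: $($identity.Name)   member of Administrators: $isAdmin"

# Schedule a job one minute from now that writes the account it runs under to a file.
# %USERDOMAIN%\%USERNAME% is used instead of whoami.exe because whoami is not built
# into Windows 2000/XP. at.exe hands the request to the Task Scheduler service over RPC;
# the service refuses callers outside Administrators (or Backup Operators), which is
# why the Guest and User attempts in the post fail with "Access is denied".
$log  = Join-Path $env:TEMP 'at-who.txt'
$when = (Get-Date).AddMinutes(1).ToString('HH:mm')
$reply = & at.exe $when "cmd.exe /c echo %USERDOMAIN%\%USERNAME% > `"$log`"" 2>&1
Write-Host "at.exe replied: $reply   (exit code $LASTEXITCODE)"

if ($LASTEXITCODE -eq 0) {
    # The job was accepted, so the caller is privileged enough already.
    # Wait for it to fire and see which account the scheduler used.
    Start-Sleep -Seconds 90
    if (Test-Path $log) {
        # Expected: NT AUTHORITY\SYSTEM, because the scheduler runs as LocalSystem.
        Write-Host "Scheduled job ran as: $(Get-Content $log)"
        Remove-Item $log
    } else {
        Write-Host 'Job accepted but produced no output; is the Task Scheduler service running?'
    }
    # Remove every at job on this host so nothing is left behind.
    & at.exe /delete /yes | Out-Null
} else {
    Write-Host 'Scheduling refused: the caller cannot use at.exe, so there is nothing to escalate.'
}
```

Run it once as a limited user and once as an administrator: the first run stops at the refusal, the second shows the job executing as SYSTEM. The only thing the trick changes is which privileged account an already-privileged caller ends up using, which is the post's point.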

So this is false news. How many people have read it?
The blog of the original article has 29 subscribers in Bloglines.
Bruce Schneier's blog has 3052 subscribers.
Gea-Suan Lin's blog has 496 subscribers.
According to my FeedBurner statistics, of 130 visitors to my feed, 70 subscribed through Bloglines. So I would estimate:
First blog has 60 visitors.
Second blog has 6000 visitors.
Third blog has 1000 visitors.
And these visitors are readers who know how to use blog tools to read RSS feeds. Let's assume 10% of the Bloglines subscribers have their own blogs, and 10% of those blog owners write about this news.
The first blog attracted only one blog writer, Bruce Schneier.
60 blogs were written after reading Bruce Schneier's blog, and each of them has 1000 visitors, like Gea-Suan Lin's. We call these "third level blogs".
5 blogs were written after reading each third level blog, and each of them has 130 visitors, like mine.

First level has 1 blog, 60 visitors
Second level has 1 blog, 6,000 visitors
Third level has 60 blogs, 60,000 visitors
Fourth level has 300 blogs, 39,000 visitors
In total there are 362 blogs written, and 105,060 visits.

That's interesting. How many of these visitors know this is false news, and how many of them think Microsoft is crap?

By the way: Bruce Schneier's blog is in English, Gea-Suan Lin's blog is in Traditional Chinese, and today I've seen one blog discussing this topic in Simplified Chinese.



At September 28, 2006 10:36 AM, Anonymous xlsyu said...

This is not completely false. It uses the at task scheduler, and it happens I had already turned that off because I didn't see any use for that tool anyway.

the tools are in:

At September 28, 2006 12:17 PM, Blogger Ben said...

The problem is: without administrator (or higher) privilege, no one can add a new task to the schedule. I failed to do so using the User account and the Guest account, so I checked the comments on the original article and found somebody replied as follows:
This is the dumbest thing I think I've ever read. You need admin privileges to be able to run At anyway, so how is this an exploit? This is something MS built into Windows (since NT 3.51) as a legitimate way for an admin to jump to system-level access.
I agree with him.

Above words should replace the "xxxxxx" in the blog, but I can't put it in. Blogger.com refused to accept that.

At September 28, 2006 10:21 PM, Anonymous xlsyu said...

No, you don't need an admin account to run at. I just tested on a Win2000 machine and ran the at command successfully. Maybe my user account has high privileges, since I can install programs without switching to the admin account.

