Tuesday, February 19, 2008

How to elevate Windows Power user to Administrator

This one has been a real eye-opening project for me. To minimize administrative burden, many organizations use the Power Users group. A power user does have limited privileges, but this only gives a false sense of security: it is extremely easy for a power user to elevate themselves to an administrative user. It is this easy:

1. Find a service that runs as the SYSTEM account and whose executable can be written to by the Power Users group (e.g. many Symantec services).
2. Program an exe that adds your user to the Administrators group.
3. Stop the service.
4. Replace the service exe with your exe.
5. Restart the service.
6. Run net localgroup administrators. Look, you are now an administrator.
7. Log off and log back on so the new group membership takes effect.

Attack mitigation:

Don't use Power Users.
Remove Power Users write privileges on all services that run under an elevated user account (impossible).
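The weakness behind steps 1 and 4, and the second mitigation above, can at least be measured. The following audit script is an added example of mine, not code from the post; it lists services that run as LocalSystem and whose binary, or the folder holding it, grants write-type rights to low-privilege groups such as Power Users. The group list, the function names and the rights mask are my own choices.

```powershell
# Added audit script (not from the original post): find services running as
# LocalSystem whose binary, or the folder that holds it, can be modified by a
# low-privilege group. Run from an elevated prompt so every ACL is readable.
# Requires PowerShell 3.0 or later.

# Groups that should never be able to modify a service binary (adjust to taste).
$LowPrivGroups = @(
    'BUILTIN\Power Users',
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a caller replace, delete or re-permission a file. The named
# values come from the FileSystemRights enum; the two hex constants are
# GENERIC_WRITE and GENERIC_ALL, which Get-Acl reports as raw numbers.
$FSR = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($FSR::Write -bor $FSR::Delete -bor $FSR::ChangePermissions -bor
                   $FSR::TakeOwnership -bor $FSR::DeleteSubdirectoriesAndFiles) -bor
             0x40000000 -bor 0x10000000

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Image paths arrive quoted ("C:\Program Files\x\s.exe" -arg) or bare
    # (C:\Windows\system32\svchost.exe -k netsvcs). Take the first .exe token.
    if ($PathName -match '^\s*"?([^"]+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-WeakAces {
    param([string]$Path)
    # Return the Allow ACEs on $Path that grant a low-privilege group
    # any right in $WriteMask.
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivGroups -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $ace
    }
}

function Find-WeakSystemServices {
    $results = @()
    $services = Get-CimInstance -ClassName Win32_Service |
                Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName }
    foreach ($svc in $services) {
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }
        # Check the binary and its folder: create/delete-child rights on the
        # folder are enough to swap the file even when the file itself is
        # read-only for the group.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            try { $weak = @(Get-WeakAces $target) } catch { continue }
            foreach ($ace in $weak) {
                $results += [PSCustomObject]@{
                    Service  = $svc.Name
                    Target   = $target
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
    $results
}

Find-WeakSystemServices | Format-Table -AutoSize
```

Every row is a binary that a member of the listed group can replace, which is exactly the precondition of step 1 above. Steps 3 and 5 additionally need stop/start rights on the service object itself; those live in the service's security descriptor, not the file ACL, and can be read with sc sdshow <service name>. To remediate a finding, remove the group's entry from the file or folder ACL (for example icacls <path> /remove:g "Power Users") and re-run the script; inherited entries from a parent folder such as C:\Program Files have to be fixed at the parent.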
