Hmmm, which OS lets you start a service pre-authentication?
https://www.webexec.org/ - Win7 as an example. Check out nmap section.
Replying to @GossiTheDog @x0rz
But that's post-auth, requires valid credentials?
Yes, but it works as any domain user.
You already have "remote code execution" as domain user then, the vulnerability just elevates your privileges to system. You can't exploit the vulnerability if you can't already execute commands on the machine... That's why it is an LPE, not RCE.
I disagree, it’s remote code execution because it allows remote code execution. But peeps can call it whatever they want, it’s all just noise.
Hmm, I'm not trying to be argumentative, I respect your opinion, just trying to understand your reasoning. We agree that "psexec" is not an RCE vuln, right?
Replying to @taviso @GossiTheDog and
My understanding is that you would effectively need psexec access to exploit this, do we agree on that?
Nope. Nmap exploit module is here: https://svn.nmap.org/nmap/scripts/smb-webexec-exploit.nse …
I read it, but I can't get past this "Given a Windows account (local or domain), this will start an arbitrary executable", that requirement means it misses the bar for RCE for me.
/cc @iagox86 who can maybe educate me! 
Replying to @taviso @GossiTheDog and
My understanding (not being a Windows guy) is that with an unprivileged local / domain account, you can't do much against Windows (other than log in at a console). This gives you the ability to run code against a remote system that you otherwise couldn't.
Replying to @iagox86 @GossiTheDog and
AFAIK, it uses svcctl, which is also enough for psexec, no? If you consider psexec a vulnerability, then that would explain our terminology difference!