We have confirmed this POC to work and in fact provide read access to a chosen file that the initiating user didn't have read access to. https://twitter.com/Evil_Polar_Bear/status/1075605011105767424 …
-
1) Makes sense: Local System is a member of Authenticated Users so it can't access the file. 2) One of your previously tested exploits worked and put the limited user in the admin group?
-
First part seems OK. It's the second part that is mind-boggling to me. Somehow along the way, the C:\Users\test_user directory was set to give full access to the "limited" user. I can't imagine how I would have accidentally made this happen, but I also can't reproduce it. pic.twitter.com/Gy4KKK8RN1