Cat Videos, Kitten Videos

Rootkit Technology (WinDbg/Kd) - Stealing Tokens


This is a raw tutorial on a rootkit technique for stealing tokens from a SYSTEM process to escalate "cmd.exe" to the "NT AUTHORITY\SYSTEM" account. (I've seen many YouTube videos doing: at [time] /interactive "cmd.exe", which you can only do under a local Administrator account.) That pretty much gives you the "SYSTEM" account too, from ring 3, but my approach has an advantage: you can steal any AUTHID, not only SYSTEM, and most of all it can become handy for those who want to learn more about the OS internals side of things. This, I feel, is a much more intellectual, visual approach. Understanding internal structures and kernel architecture is important for any serious security analyst and researcher.

Ways of getting the driver to load up, other than from an administrative account, are left for you to figure out. I am not going to show you how specifically, due to it being unethical, especially through the eyes of script kiddi0ts. Lol. Instead, I will just point out a few places you can research on your own. Say you wanted to escalate your privileges from a Guest account:

1. System undocumented calls: ZwSetSystemInformation and some others that will allow for loading of drivers, etc.

2. Vulnerability exploitation: a module or an already running kernel service.
- A lot of so-called security apps today hook native APIs and don't properly implement parameter checks on the ring 3 data they receive; using tools like the BSODHook tool will help analyze this.
- DeviceIoControl() sends IRPs (I/O Request Packets) with I/O control codes to drivers, which may cause an exception when fuzzing their user-supplied data.
- Win32k.sys and Videoprt.sys contain some interesting VRPs (VIDEO_REQUEST_PACKET) and driver-loading routines to look into as well.

3. "SeDebugPrivilege/SeLoadDriverPrivilege" will suffice. Sometimes there are applications that modify their privileged tokens for certain operations to complete; taking advantage of this should facilitate loading of drivers.

Hope you enjoyed. - Sypha0x

Channel: Howto & Style
Uploaded: November 30, 1999 at 12:00 am
Author: sypha0x

Length: 08:38
Rating: 3.29
Views: 4169

Tags: C\C++  Debugging  Development  Driver  Engineer  HipHop  Jay-Z  Kernel  Programming  Reverse  Rootkits  Security  Token  WinDbg  x86  
