jueves, 22 de agosto de 2013

POC: Windows Privilege Escalation

For days report to Microsoft a proof of concept, demonstrating a method to escalate privileges on any Windows system, allows all the registered user accounts on a machine with their passwords, this is a security error and that one should not access this information, Microsoft answered me the following:

I looked over your report. Unfortunately local password guessing is not a serious enough problem for us to open a case. Microsoft suggests that you do not use a simple password, which makes brute force attacks infeasible.

This is the reason to release the source code of this proof of concept that I have developed, I hope the developers, penetration testers, researchers and stakeholders support my efforts to develop this proof of concept.

This POC was written on C# .Net 2.0 Framework Compatible, i tested this on Win7 and WinXP, but this affect all windows based.

Repositoty: WindowsPrivilegeEscalation

3 comentarios:

  1. ohhhh yeahh,lamentable que no le tomaran importancia a esta vulnerabilidad.

  2. Respuestas
    1. Ya actualice en repositorio en github, de ahora en adelante comenzare a actualizar los post del blog y con codigo publico (y)