BugTraq
(Page 471 of 1747)
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Michael Bauer (ravenmsb gmail com)
Maybe what some of us need to learn from this is that we should never think in absolutes such as local VS domain users. There are numerous account types and the overrides to take into account with any OS and they change.

This is more of a wakeup call to brush up on our understanding of permissions

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Stefan Kanthak (stefan kanthak nexgo de)
"Andrea Lee" <andrea (at) kattrap (dot) net> wrote:

> I hope I'm not just feeding the troll...

No. You just made a complete fool of yourself.-P
Read the initial post again.
CAREFULLY.
Especially that part about unplugging from the network.

> A local admin is an admin on one system. The domain admin is an ad

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Stefan Kanthak (stefan kanthak nexgo de)
"StenoPlasma @ ExploitDevelopment" <StenoPlasma (at) exploitdevelopment (dot) com> wrote:

Your MUA is defective, it strips the "References:" header!

> Stefan,
>
> For your information:
>
> Cached domain accounts on a local system are not stored in the SAM. They
> are stored in the SECURITY registry hive.

Re: [Full-disclosure] Linux kernel exploit 2010-12-13
Ariel Biener (ariel post tau ac il)
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by
default.

--Ariel

firebits (at) backtrack.com (dot) br wrote:
> I tested it on a VM with CentOS 5.5 i386 updated and did not work.
>
> Last login: Tue Dec 13 12:48:54 2010
> [root@localhost~]#nano full-nelson.c
> [root@localhost~]#gcc-o

USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb 2010-12-14
xpo xpo (smashxpo gmail com)
PoC to generate Reverse TCP backdoors, malicious PDF or LNK files. But
also running Auto[run|play] infections (EXE, PDF, LNK) and dumping all
USB files remotely on multiple targets at the same time, a set of
extensions to dump can be specified. All EXE, PDF and LNK already
available on the USB targe

[ MDVSA-2010:253 ] bind 2010-12-14
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:253
http://www.mandriva.com/security/
______________________________________________________________________

Honggfuzz 2010-12-14
Robert Święcki (robert swiecki net)
Hi,

I've recently made publicly available "yet another fuzzer". It's
simple, easy to use via command-line interface, providing nice
analysis of software crashes in a simple form of file names.

It has been used by me and some others to find a few, possibly
exploitable, bugs in some major software p

VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31) 2010-12-14
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow
Vulnerability (VUPEN-SR-2010-31)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"RealPlayer is a media player available to play, manage and download all
your mp3,
flash and video files" from rea

VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30) 2010-12-14
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow
Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"RealPlayer is a media player available to play, manage and download al

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003) 2010-12-14
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow
Vulnerability (VUPEN-SR-2010-003)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"RealPlayer is a media player available to play, manage and download all
your mp3,
flash and video files" fro

VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005) 2010-12-14
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow
Vulnerability (VUPEN-SR-2010-005)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"RealPlayer is a media player available to play, manage and download all
your mp3,
flash and video files" from

VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004) 2010-12-14
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow
Vulnerability (VUPEN-SR-2010-004)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"RealPlayer is a media player available to play, manage and download all
your mp3,
flash and video files" fro

[ MDVSA-2010:252 ] perl-CGI-Simple 2010-12-14
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:252
http://www.mandriva.com/security/
______________________________________________________________________

[SECURITY] [DSA-2133-1] New collectd packages fix denial of service 2010-12-14
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2133-1 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
December 13, 2010

Re: Linux kernel exploit 2010-12-13
Stefan Roas (sroas roath org)
On Fri Dec 10, 2010 at 17:52:37, Wolf wrote:
> Well, I'm a first time writer to Bugtraq, but this is interesting. I
> commented out the call to clone(), and after it simply called
> trigger(fildes), and apparently, it works. Only tested on a stock
> install of Ubuntu 10.10, but I thought the bug was

Re: [Full-disclosure] Linux kernel exploit 2010-12-13
dan j rosenberg gmail com
Please don't inundate me with e-mail because none of you bothered to read the exploit header.

The exploit so far has a 100% success rate on the systems it was designed to work on.

I don't think this is rocket science. If your distribution does not compile Econet, then the exploit obviously wo

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Ansgar Wiechers (bugtraq planetcobalt net)
On 2010-12-13 Andrea Lee wrote:
> A local admin is an admin on one system. The domain admin is an admin
> on all systems in the domain, including mission critical Windows
> servers. With temporary domain admin privs, the local admin could log
> into the AD and change permissions / passwords for anot

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Kurt Dillard (kurtdillard msn com)
So far I agree with Thor. Did I miss something? Has anyone demonstrated
using the locally cached credentials to access resources across the network?
So far I haven't seen anything new or interesting in this thread:

1. StenoPlasma claims that a local admin can access and reuse the cached
credentials

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Thor (Hammer of God) (thor hammerofgod com)
>-----Original Message-----
>From: kattrap (at) gmail (dot) com [mailto:kattrap (at) gmail (dot) com] On Behalf Of Andrea
>Lee
>Sent: Monday, December 13, 2010 9:12 AM
>To: Thor (Hammer of God)
>Cc: George Carlson; bugtraq (at) securityfocus (dot) com; full-
>disclosure (at) lists.grok.org (dot) uk
>Subject: Re: [Full-disclosure] Flaw in Micr

www.eVuln.com : "url" BBCode XSS in slickMsg 2010-12-13
bt evuln com
www.eVuln.com advisory:
"url" BBCode XSS in slickMsg
Summary: http://evuln.com/vulns/160/summary.html
Details: http://evuln.com/vulns/160/description.html

-----------Summary-----------
eVuln ID: EV0160
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scriptin

hidden admin user on every HP MSA2000 G3 2010-12-13
hpdisclosure anonmail de
Hi,

I just found out that there is a hidden user on every HP MSA2000 G3
SAN out there:

username: admin
password: !admin

This user doesn't show up in the user manager, and the password
cannot be changed - looks like the perfect backdoor for everybody.

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
David Gillett (gillettdavid fhda edu)
> If I take the domain admin out of my local administrators, they can't do
anything. Done.

Back when I did AD/domain support, all domain user accounts got a profile
that included a trivial script to re-add Domain Admins to the Local Admins
group. So this kind of local removal shenanigans lasted

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Andrea Lee (andrea kattrap net)
I hope I'm not just feeding the troll...

A local admin is an admin on one system. The domain admin is an admin
on all systems in the domain, including mission critical Windows
servers. With temporary domain admin privs, the local admin could log
into the AD and change permissions / passwords for an

Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) 2010-12-13
Pavel Machek (pavel ucw cz)
Hi!
>
> The reason I wrote this article was not to explain how to create a hidden
> user account. I wrote the article to show you that you can modify the SAM
> in real time in a way that is undetectable by ANYONE. This modification
> allows you to masquerade any user account as the built-in Ad

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Michael Wojcik (Michael Wojcik microfocus com)
> From: Stefan Kanthak [mailto:stefan.kanthak (at) nexgo (dot) de]
> Sent: Friday, 10 December, 2010 17:12
>
> "George Carlson" <gcarlson (at) vccs (dot) edu> wrote:
>
> > Your objections are mostly true in a normal sense.
> > However, it is not true when Group Policy is taken into account.
>
> Group Policies need an

[CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service 2010-12-13
Core Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/

Symantec Intel Handler Service Remote DoS

1. *Advisory Information*

Title: Symantec Intel Handler Service Remote DoS
Advisory Id: CORE-2010-0728
Advis

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
StenoPlasma @ ExploitDevelopment (StenoPlasma exploitdevelopment com)
Stefan,

For your information:

Cached domain accounts on a local system are not stored in the SAM. They
are stored in the SECURITY registry hive. When a cached domain user logs
in to the system, they do not authenticate against the SAM (As you can see
in my article, I am not editing the SAM).

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-10
jcoyle winwholesale com
You are completely missing the point..
Local admins become Domain Admins.

From: "Stefan Kanthak" <stefan.kanthak (at) nexgo (dot) de>
To: <bugtraq (at) securityfocus (dot) com>,
<full-disclosure (at) lists.grok.org (dot) uk>
Cc: <stenoplasma (at) exploitdevelopment (dot) com>
Date: 12/10/2010 01:08

Call for Papers -- BADGERS 2011 2010-12-13
Federico Maggi (federico maggi gmail com)
[Apologies if you receive multiple copies]

Call For Papers -- BADGERS 2011

=============================================

The Program Committee for the first EuroSys Workshop on Building
Analysis Datasets and Gathering Experience Returns for Security (BADGERS)
invites you to submit your work.
Pap

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability 2010-12-10
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 12.10.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 10, 2010

I. BACKGROUND

RealPlayer is RealNetworks's media player product used to render video
and other media. For more information, visit http://www.real.com/.

II. DESCRIPTION

Remote exploitation of a

Copyright 2010, SecurityFocus