aspx
Limited User with PSEXEC http://blogs.technet.com/markrussinovich/archive/2006/03/02/
running-as-limited-user-the-easy-way.aspx
Running as Non-Admin Blog http://blogs.msdn.com/aaron_margosis
Gray Hat Hacking: The Ethical Hacker??™s Handbook
386
CHAPTER16 Exploiting Windows
Access Control Model
for Local Elevation
of Privilege
This chapter will teach you about Windows Access Control and how to find instances
of misconfigured access control exploitable for local privilege escalation.
??? Why study access control?
??? How Windows Access Control works
??? Tools for analyzing access control configurations
??? Special SIDs, special access, and denied access
??? Analyzing access control for attacks
??? Attack patterns for each interesting object type
??? What other object types are out there?
Why Access Control Is Interesting to a Hacker
Access control is about the science of protecting things. Finding vulnerabilities in poorly
implemented access control is fun because it feels like what security is all about. It isn??™t
blindly sending huge, long strings into small buffers or performing millions of iterations
of brute-force fuzzing to stumble across a crazy edge case not handled properly;
neither is it tricking Internet Explorer into loading an object not built to be loaded in a
browser.
Pages:
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699