Old News

[Winchester]

 

[mechBgon]

When I type the command in (2), I get "Access is denied." The reason is undoubtedly that I'm not using an Administrator-level account for daily-driver purposes like browsing AnandTech Forums. At work, no one uses an Admin account either. Make a Limited or Restricted User account and try it again, and see if you get the same result I did.

 

[Ika]

Originally posted by: mechBgon
When I type the command in (2), I get "Access is denied." The reason is undoubtedly that I'm not using an Administrator-level account for daily-driver purposes like browsing AnandTech Forums. At work, no one uses an Admin account either. Make a Limited or Restricted User account and try it again, and see if you get the same result I did.

:thumbsup: access is denied.

 

[M00T]

What's the point in hacking the shell if you're already logged in as admin?

 

[Winchester]

You supposedly can do it logged in as guest in Windows XP

 

[stash]

Originally posted by: M00T
What's the point in hacking the shell if you're already logged in as admin?

Exactly.

 

[stash]

Originally posted by: Winchester
You supposedly can do it logged in as guest in Windows XP

Even if that were true, the guest account would need to be enabled first.

 

[bsobel]

This is not a vulnerability, by default access to the at command is restricted to administrators. If you've changed your security model to allow guest access to it, well you shot yourself in the foot. But, out of the box this does not appear to work.

 

[Winchester]

Originally posted by: stash

Originally posted by: Winchester
You supposedly can do it logged in as guest in Windows XP

Even if that were true, the guest account would need to be enabled first.

Any user logged in then. I just went to the bottom of the list.

 

[stash]

Originally posted by: Winchester

Originally posted by: stash

Originally posted by: Winchester
You supposedly can do it logged in as guest in Windows XP

Even if that were true, the guest account would need to be enabled first.

Any user logged in then. I just went to the bottom of the list.

Except, as noted above, normal users do not have the ability to run the at command.

Have you tested this yourself, or are you repeating FUD you saw somewhere?

 

[networkman]

It's FUD - I found a link to a similar item HERE

Note that the whole thing is under Windows 2000, with a note that it may work on XP as well, though it's also noted that "...if you have enough rights to write in %windir%\system32 and stop a service..." and as noted by another poster "you can't start/stop services without admin rights, netiher you can write in system32 ...
so no admin rights with default policies"

Point is, it's not going to work unless security has been comprimised either deliberately or thru ignorance.

 

[stash]

Wow, just wow. SANS Internet Security diary is carrying this crap with wonderful comment such as "should it turn out that administrative privileges are not needed then it becomes a far bigger issue as any user could gain SYSTEM privileges."

Well duh. It only takes 5 seconds to test and realize that admin privileges ARE needed though.

 

[iamaelephant]

Don't edit out the OP you knob.