Attack Patterns for Each Interesting Object Type

Let’s apply the analysis methodology to real objects and start finding real security vulnerabilities. For each object type, the following sections list the DACL enumeration techniques, then the power permissions, and then demonstrate an attack.

Attacking Services

Services are the simplest object type to demonstrate privilege escalation, so we’ll start here. Let’s step through our attack process.

Enumerating the DACL of a Windows Service

We’ll start with the first running service on a typical Windows XP SP2 system.

C:\tools>net start
These Windows services are started:

   Alerter
   Application Layer Gateway Service
   Ati HotKey Poller
   Automatic Updates
   ...

We used AccessChk.exe earlier to enumerate file system DACLs and ...
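A defensive audit of the same data, as an added example that is not from the book: this Python code takes the SDDL string that `sc sdshow <service>` prints for a service and reports allow-ACEs that give broad groups rights able to change the service configuration or its security descriptor. The sample descriptors are constructed, and the choice of which rights and which trustees to flag is an assumption of this example.

```python
import re

# SDDL rights codes and their access-mask bits; for a service object the low
# bits mean e.g. DC (0x2) = SERVICE_CHANGE_CONFIG, RP (0x10) = SERVICE_START.
BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
        "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
        "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GW": 0x40000000}
# Assumption of this example: rights that let the holder alter the service
# configuration or rewrite its security descriptor.
RISKY = {0x2: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC",
         0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL",
         0x40000000: "GENERIC_WRITE"}
# Assumption of this example: trustees counted as broad. Note that "WD" is
# Everyone in the trustee field but WRITE_DAC in the rights field.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "BU": "Users", "IU": "Interactive"}

def rights_mask(rights):
    """Convert an ACE rights field (two-letter codes or hex) to a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= BITS.get(code, 0)
    return mask

def audit_service_sddl(sddl):
    """Return [(trustee, [risky rights])] for allow-ACEs held by broad groups."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")
        if len(fields) != 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue  # skip malformed, deny/audit, and non-broad ACEs
        mask = rights_mask(fields[2])
        risky = [name for bit, name in RISKY.items() if mask & bit]
        if risky:
            findings.append((BROAD[fields[5]], risky))
    return findings

# Constructed sample descriptors (not taken from any real system).
SAMPLES = {
    "tight": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)",
    "loose": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    "hex": "D:(A;;0xf01ff;;;BU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_service_sddl(sddl))
```

An empty result means no allow-ACE for the listed groups carries a flagged right; deny ACEs and group nesting are not evaluated here.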
