[4895] in bugtraq
GETADMIN 2 - THE SEQUEL
daemon@ATHENA.MIT.EDU (Mark Joseph Edwards)
Fri Jul 11 05:11:35 1997
Date: Thu, 10 Jul 1997 15:44:50 -0500
Reply-To: MJE <mark@ntshop.net>
From: Mark Joseph Edwards <mark@NTSHOP.NET>
X-To: Undisclosed.Recipients@netspace.org
To: BUGTRAQ@NETSPACE.ORG
The hotfix released by MS for getadmin.exe DOES NOT WORK completely. Using
a slightly different tactic, the exploit can still be made to work in most
conditions (e.g. a not-too-heavily-loaded-down NT server).
By running a program that performs some slight manipulation <before>
running getadmin.exe, the exploit can still be run successfully. This was
tested on NT 4.0 w/SP3 and all current hotfixes loaded as of July 10, 1997,
and found to work as stated.
This condition was reported to NTSecurity.NET by Costin Raiu, who
requested that we post this message to the relevant lists.
For sample code and sample .exe to test with, go to http://www.ntsecurity.net
and look at the GetAdmin page.
mje.