moonlit Posted September 29, 2006
I read that normal users have access to the registry key that tells Dr Watson (Windows debugger/error catching thing if I did my homework) and so if we were to replace the exe location to point to a small app to escalate privs, and cause a crash, would that not run our app? Just a thought, don't know how viable it is but thought it was worth a shot... The only parts I was unsure of are if this exploit will still work and if we can bump the privs using it... oh, and how do you cause a crash worthy of debugging? A simple divide by zero won't cut it, I don't think...
Sparda Posted September 29, 2006
You usually have to cause a buffer overflow, within the program itself, that overwrites executable code with absolute bollocks. I say usually, I actually mean it's probably the easiest way.
PoyBoy Posted September 30, 2006
just steal some microsoft source and stick it in there
Mick Posted September 30, 2006
Just compile this in retail mode.
int main(){*((char*)0x0)='n';}
If you don't know, it tries to write to memory address 0x000000. (Windows doesn't like that too much.) So, there's my contribution to the Dr. Watson thing.
PoyBoy Posted September 30, 2006
Whadaya mean you can't write to nonexistent memory?
moonlit (Author) Posted September 30, 2006
Aww... turned out to be a bunch of baloney... oh well, the search continues...