A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM - Stephen Breen, Chris Mallz Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM
Stephen Breen, Chris Mallz
Derbycon 2016

At Shmoocon early this year, we released Potato, a new method and tool that took advantage of neglected 15 year old issues in all versions of Windows to elevate any user's privilege to SYSTEM in default configurations. We had planned on releasing a much improved version of said tool here at Derbycon, but Microsoft had other plans. On June 14, 2016 we were surprised to find that Microsoft released MS16-075 which seems to break Potato. Luckily we still have one more trick up our sleeves that has proved useful in real-life scenarios. We will be discussing a technique based on the Potato exploit that allows for elevation from many Windows service accounts (such as those used by IIS and SQL Server) to SYSTEM in default configurations on all Windows versions.

Stephen Breen - "Stephen Breen is a Principal Consultant with the Offensive Security and Red Team at NTT Com Security. His time is split between delivering high end penetration testing engagements and R&D that is inspired by real-world experience. Stephen has been dabbling in infosec before it was called infosec, ever since his Windows 95 machine was DoS?d by an IRC skiddie using the ?Ping of Death?. On paper, he has an academic and development background, with a Masters in CS at McGill University and performed development and operations roles before getting into the security industry." Chris Mallz - "Chris Mallz has been into computers for as long as he can remember. Getting a job at a repair shop as a teenager only furthered his quest for knowledge. His interests include satellites, tradecraft, low level networking, code, and recently Windows. After taking a break for research and to learn how to code he's now returned and is eager to find a job where he can share his unique ideas."

@breenmachine, @vvalien1

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast