Many thanks go out to Deral Heiland and crew for coming up with this little hack:
At the last Defcon(13), Deral did a session on the Insecure Windows Workstation, and along with some interesting privilege escalation using the system-level help API, he also explained how to use bart's PE to write a trojaned accessibility app to a NTFS root partition and then use WIN+U before logging in to access a system-level priviledged desktop.
No comments:
Post a Comment