Windows Rdp / Terminal Service

Full Version: Windows Rdp / Terminal Service

GovernmentSecurity.org > System Security > Windows Systems

mon11

Jun 13 2005, 05:53 PM

Today I discovered something weird..

If your windows XP / 2003 Machine is locked or nobody is logged on even via Terminal service, there is the ability to activate "stickey keys" by pressing five times the shift key..

I do not know what the implementation could have in a security point of view,
I think this should not be possible, because you can activate the "stickey keys" process in SYSTEM context..

Maybe somebody has idea's to what can be done with this, I consider it a bug that a non authoritive person can activate a process without loggin in.

Greetings,

Mon11

kingvandal

Jun 13 2005, 07:30 PM

I could not reproduce that result. Did it actually show the sticky keys window? or did it just enable them and you found later??

kv-

jpno5

Jun 14 2005, 01:50 AM

don't really see this as a bug, if uv only got 1 hand and u need to do ctrl+alt+del to login then ur pretty much fuc*ed without stickykeys

talaxian

Jun 14 2005, 05:46 AM

QUOTE(jpno5 @ Jun 14 2005, 01:50 AM)

don't really see this as a bug, if uv only got 1 hand and u need to do ctrl+alt+del to login then ur pretty much fuc*ed without stickykeys

lol

buzzons

Jun 14 2005, 06:37 PM

you can get this to happen before, and during the login screen, however i dout you can do anything with it, just like you can not do anything with the ctrl alt del key presses

boshcash

Jun 15 2005, 05:45 PM

i think they may have a security threat although im no security pro , but it looks more like the utilman priv escalation exploit , ctrl alt del is something made by microsoft to do this , but i dont think stickykeys are made to run on SYSTEM .

alx_alx

Jul 10 2005, 02:29 PM

i tried it and it starts in system context as sethc.exe

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Windows Rdp / Terminal Service GovernmentSecurity.org > System Security > Windows Systems mon11 Jun 13 2005, 05:53 PM Today I discovered something weird.. If your windows XP / 2003 Machine is locked or nobody is logged on even via Terminal service, there is the ability to activate "stickey keys" by pressing five times the shift key.. I do not know what the implementation could have in a security point of view, I think this should not be possible, because you can activate the "stickey keys" process in SYSTEM context.. Maybe somebody has idea's to what can be done with this, I consider it a bug that a non authoritive person can activate a process without loggin in. Greetings, Mon11 kingvandal Jun 13 2005, 07:30 PM I could not reproduce that result. Did it actually show the sticky keys window? or did it just enable them and you found later?? kv- jpno5 Jun 14 2005, 01:50 AM don't really see this as a bug, if uv only got 1 hand and u need to do ctrl+alt+del to login then ur pretty much fuced without stickykeys talaxian Jun 14 2005, 05:46 AM QUOTE(jpno5 @ Jun 14 2005, 01:50 AM) don't really see this as a bug, if uv only got 1 hand and u need to do ctrl+alt+del to login then ur pretty much fuced without stickykeys lol buzzons Jun 14 2005, 06:37 PM you can get this to happen before, and during the login screen, however i dout you can do anything with it, just like you can not do anything with the ctrl alt del key presses boshcash Jun 15 2005, 05:45 PM i think they may have a security threat although im no security pro , but it looks more like the utilman priv escalation exploit , ctrl alt del is something made by microsoft to do this , but i dont think stickykeys are made to run on SYSTEM . alx_alx Jul 10 2005, 02:29 PM i tried it and it starts in system context as sethc.exe This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.