Re: [Full-Disclosure] local SYSTEM on Windows vs. local root on Unix

On Mon, Jan 19, 2004 at 04:20:58PM -0500, KF wrote:
> I am currious to know what you folks think the differences are between
> obtaining local SYSTEM on a win32 box and obtaining root on a Unix machine.
>
> Same thing?
> Different?
> One is worse than the other? Which one? Why?
>
I'd say best case, it's more or less the same thing.
NTAUTHORITY\LocalSystem has complete access to all of the resources of
the local machine. IIRC, it is possible to create local users and add
them to local groups from a program running with LocalSystem privileges.
[This is why I'd say it's equal to root in the best case.]

In the worst case, it can be much worse than root. If a domain has been
improperly configured such that the computer account for the machine on
which you've got LocalSystem is overly privileged, you may have gained
control over the domain as well :-)

Here's a decent summary of the account:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/localsystem_account.asp

regards,

petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html