[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] TS Session Hijacking / Privilege escalation all windows versions

Terminal Services / Console Session Hijacking can lead to Privilege

Vulnerability Details.

A privileged user, which can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged in user's session,
without any knowledge about his credentials.
Terminal Services session can be either in connected or disconnected state.

This is high risk vulnerability which allows any local admin to hijack a
session and get access to:
1. Domain admin TS session.
2. Any unsaved documents, that hijacked user works on.
3. Any other systems/applications in which hijacked user previously logged
in (May include another Remote Desktop sessions, Network Share mappings,
applications which require another credentials, E-mail etc.)

Tested on:
Windows 2012 R2
Windows 2008
Windows 10
Windows 7

Proof of Concept:



Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/