, 2010 8:31 AM
*To:* Full-Disclosure@lists.grok.org.uk
*Subject:* Re: [Full-disclosure] Possible RDP vulnerability
Thank you for your comment.
What I was referring to it being scary is that if you create a locked down
group policy that is tighter than a ducks bum and you forget that single
-boun...@lists.grok.org.uk] On Behalf Of wicked clown
Sent: Friday, March 26, 2010 8:31 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
Thank you for your comment.
What I was referring to it being scary is that if you create a
locked down group
: Saturday, March 27, 2010 4:39 AM
To: Thor (Hammer of God)
Cc: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
I think we are two different pages :)
what I was trying to show if you have a group policy that will only run a
certain applications for example
, March 26, 2010 3:33 AM
To: Full-Disclosure@lists.grok.org.ukmailto:Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
Cheers for that,
I take it back that I haven't found an vulnerability :(, but by default this
isn't enabled which is scary !!
On Fri, Mar 26
: devise a Group Policy that will prevent users from attaching
their local drives to a remote RDP server.
- Original Message -
From: wicked clown
To: Thor (Hammer of God)
Cc: Full-Disclosure@lists.grok.org.uk
Sent: Saturday, March 27, 2010 7:39 AM
Subject: Re: [Full-disclosure] Possible
Of Mr. Hinky Dink
Sent: Saturday, March 27, 2010 8:51 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
As far as RDP is concerned, it's much simpler (and more fun!) to host an Evil
RDP Server than it is to hack into one. There is no end
, March 27, 2010 8:51 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
As far as RDP is concerned, it's much simpler (and more fun!) to host an Evil
RDP Server than it is to hack into one. There is no end to the shenanigans you
can create
...@lists.grok.org.uk [mailto:full-
disclosure-boun...@lists.grok.org.uk] On Behalf Of wicked clown
Sent: Friday, March 26, 2010 8:31 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
Thank you for your comment.
What I was referring to it being scary
-Disclosure@lists.grok.org.ukmailto:Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
So it's a super common thing for schools to have 'locked down' Windows
desktops, and even more common for even slightly nerdy kids to take the
lockdown as a challenge
Vis7a and Server 2008, but I really haven't kept up with the tech).
- Original Message -
From: Thor (Hammer of God) t...@hammerofgod.com
To: Mr. Hinky Dink d...@mrhinkydink.com;
Full-Disclosure@lists.grok.org.uk
Sent: Saturday, March 27, 2010 12:09 PM
Subject: RE: [Full-disclosure] Possible
...@hammerofgod.com
To: Mr. Hinky Dink d...@mrhinkydink.com;
Full-Disclosure@lists.grok.org.uk
Sent: Saturday, March 27, 2010 12:09 PM
Subject: RE: [Full-disclosure] Possible RDP vulnerability
Oh, sorry I read the question wrong. Just don't allow them to attach
their local drives. Simple.
Still, what
-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mr. Hinky Dink
Sent: Saturday, March 27, 2010 11:48 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
In your case, had you answered
Hi Guys,
I think I possible may have found a vulnerability with using RDP / Terminal
services on windows 2003.
If you lock down a server and only allow users who connect to your RDP
connection to run certain applications, users can bypass this and run ANY
application they want. You can do
: [Full-disclosure] Possible RDP vulnerability
Hi Guys,
I think I possible may have found a vulnerability with using RDP / Terminal
services on windows 2003.
If you lock down a server and only allow users who connect to your RDP
connection to run certain applications, users can bypass
an initial program to be launched. Always
show the desktop.
- Original Message -
*From:* wicked clown wickedclow...@googlemail.com
*To:* Full-Disclosure@lists.grok.org.uk
*Sent:* Friday, March 26, 2010 5:04 AM
*Subject:* [Full-disclosure] Possible RDP vulnerability
Hi Guys
...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of wicked clown
Sent: Friday, March 26, 2010 3:33 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
Cheers for that,
I take it back that I haven't found an vulnerability
for Do not allow an initial program to be launched. Always show the
desktop.
- Original Message -
*From:* wicked clown wickedclow...@googlemail.com
*To:* Full-Disclosure@lists.grok.org.uk
*Sent:* Friday, March 26, 2010 5:04 AM
*Subject:* [Full-disclosure] Possible RDP vulnerability
26, 2010 8:31 AM
To: Full-Disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Possible RDP vulnerability
Thank you for your comment.
What I was referring to it being scary is that if you create a locked down
group policy that is tighter than a ducks bum and you forget that single tick
(I
18 matches
Mail list logo