Hacker Reveal easy way to Hijack Privileged Windows User Session Without PW

In a recent PoC Exploit released via YouTube, Alexander Korznikov demonstrated a successful hijacking (using Task manager, service creation, as well as command line), along with Proof-of-Concept exploit.

Korznikov, an Israeli security researcher calls the attack “privilege escalation and session hijacking,” which could allow an attacker to hijack high-privileged users session and gain unauthorized access to applications and other sensitive data.

 

Korznikov successfully tested the flaw on the newest Windows 10, Windows 7, Windows Server 2008, and Windows Server 2012 R2, though another researcher confirmed on twitter that the flaw works on every Windows version, even if the workstation is locked.

For successful exploitation, an attacker requires physical access to the targeted machine, but using (RDP) Remote Desktop Protocol session on a hacked machine, the attack can be performed remotely as well.

While Microsoft doesn’t believe this to be a vulnerability, some experts argue that a Windows user with admin permissions can do anything, Korznikov explained a simple attack scenario of how an insider could easily misuse this flaw.

  

 

 

 

 

 

Advertisements

2 Comments Add yours

  1. barki2017 says:

    Reblogged this on PBUH prophets mercy and guidance.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s