 #32870  by zer0cat
 Sun Apr 28, 2019 6:47 pm
As we all know, in Windows there is an integrity level. But there is an opportunity to raise it, quite legally, without any exploits, through the function ShellExecute Runas.

Malware calls this function in a loop, and reaches admin privileges. The user cannot cancel it, because the malware calls it in an infinite (or very big) loop.

Why is that? Why can't Microsoft somehow track this and ban it? What is the point of integrating, if each application can become an administrator?
 #32872  by EP_X0FF
 Mon Apr 29, 2019 3:06 am
zer0cat wrote: Sun Apr 28, 2019 6:47 pm
Malware calls this function in a loop, and reaches admin privileges. The user cannot cancel it, because the malware calls it in an infinite (or very big) loop.
You can always press Ctrl+Alt+Del and log off, thus terminating any elevation requestors.
What is the point of integrating, if each application can become an administrator?
That's the point of it actually.
 #32876  by Brock
 Tue Apr 30, 2019 2:35 am
Why is that? Why can't Microsoft somehow track this and ban it?
Kinda like a cheater/hacker in Counter-Strike? KEWL!!! =]