Dangers of Windows API and Administrator accounts?

Posted by Brett Powell on Stack Overflow See other posts from Stack Overflow or by Brett Powell
Published on 2010-01-17T03:46:29Z Indexed on 2010/03/20 19:31 UTC
Read the original article Hit count: 340

Filed under:

winapi

|

c++

I wrote a game server plugin last night that allowed me to create a user account and set it as administrator, which is a huge problem. Of course the simple fix is to create a basic user account with limited privileges for the game servers, so they would not have access to do things like this.

I wanted to find out if there's anything else in the Windows API that would create such a huge vulnerability though? I guess I want to just make sure that when the client's game servers accounts are moved to limited access accounts, we won't have to worry about any of them using the windows API to sabotage the machines. There is already enough exploits in the game itself to worry about, without having to worry about client's taking over the machines with plugins lol.

Some of the questions relative would be... Can you disable/enable Remote Desktop from c++? Can you get a list of AD user groups from c++? (not that a user belongs to, but a complete list)

© Stack Overflow or respective owner

Related posts about winapi

C: WinAPI CreateDIBitmap() from byte[] problem

as seen on Stack Overflow - Search for 'Stack Overflow'
I have been working on this problem for a while now. I am trying to add JPEG support to a program with libjpeg. For the most part, it is working fairly well, But for some JPEGs, they show up like the picture on the left. It may not be obvious, but the background shows up with alternating red green… >>> More
mouse_event WinAPI call not working when cursor is over Flash

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am writing a small program which can simulate mouse clicks at specified positions. Using the Win32 API call mouse_event like so: [DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] public static extern void mouse_event(uint dwFlags, uint dx, uint… >>> More
Custom form designer, move/resize controls using WinAPI

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to fix some problems and enchance form designer written long ago for a database project. In Design Panel class code I encountered these lines private void DesignPanel_MouseDown(object sender, MouseEventArgs e) { if (e.Button == MouseButtons.Left) { (sender as Control).Capture… >>> More
winapi c - read/write mbr of system drive

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anyone have any example code that shows how to identify the system boot harddisk, and read/write the mbr from the harddisk in windows xp and vista? I know createfile can be used. But I do not know how to properly identify which device is the boot device. Like how do you find out which ones… >>> More
How to use WINAPI from newer SDK but still using the old SDK in WindowsMobile.

as seen on Stack Overflow - Search for 'Stack Overflow'
Specifically, I want to use Point-to-point Message Queue but because I am still using legacy codes in eVC++ 4 and it only support until PocketPC 2003SE SDK, I cannot find CreateMsgQueue and friends in the headers (the port to newer VisualStudio is still in progess) I am using the Message Queue to… >>> More

Related posts about c++

Which C++ book shold I get between "C++ Primer" vs "C++ Primer Plus"

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to learn C++ by using Vim and MinGW as compiler. I'm interesting at "C++ Primer (4th Edition)" and "C++ Primer Plus (5th Edition)" but I don't know how about it different. It has no book store that I can review those books, so I want to know, what is the different between those book and which… >>> More
C++ : C++ Primer (Stanley Lipmann) or The C++ programming language (special edition)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a Computer Science degree (long2 time ago) .. I do know Java OOP but i am now trying to pick up C++. I do have C and of course data structure using C or pascal. I have started reading Bjarne Stroustrup book (The C++ Programming Language - Special Edition) but find it extremely difficult esp… >>> More
I need help on my C++ assignment using MS Visual C++

as seen on Stack Overflow - Search for 'Stack Overflow'
Ok, so I don't want you to do my homework for me, but I'm a little lost with this final assignment and need all the help I can get. Learning about programming is tough enough, but doing it online is next to impossible for me... Now, to get to the program, I am going to paste what I have so far. This… >>> More
Managed c++ std::string not accessible in unmanaged c++

as seen on Stack Overflow - Search for 'Stack Overflow'
In unmanaged c++ dll i have a function which takes constant std::string as argument Prototype : void read ( const std::string &imageSpec_ ) I call this function from managed c++ dll by passing a std::string. When i debug the unmanaged c++ code the parameter imageSpec_ shows the value correctly… >>> More
The Definitive C++ Book Guide and List

as seen on Stack Overflow - Search for 'Stack Overflow'
After more than a few questions about deciding on C++ books I thought we could make a better community wiki version. Providing QUALITY books and an approximate skill level. Maybe we can add a short blurb/description about each book that you have personally read / benefited from. Feel free to debate… >>> More