Today I discovered something weird..

If your windows XP / 2003 Machine is locked or nobody is logged on even via Terminal service, there is the ability to activate "stickey keys" by pressing five times the shift key..

I do not know what the implementation could have in a security point of view,
I think this should not be possible, because you can activate the "stickey keys" process in SYSTEM context..

Maybe somebody has idea's to what can be done with this, I consider it a bug that a non authoritive person can activate a process without loggin in.

Greetings,

Mon11

thanx for reporting this man, have been looking around to search about this but looks like you can setup restrictions to avoid this:

http://microsoft.com/enable/training/wi ... ykeys.aspx (http://microsoft.com/enable/training/windowsxp/stickykeys.aspx)

hmm

if it`s my case ,
well , after onc successfull access to that system
I`ll replace my custom backdoor with related dll/excutables
and , I`ll have my cute backdoor shortcut key on system :p
maybe running a cmd.exe or explorer.exe is enough ?

if this backdoor pop-up remains working on terminal-service ,
it would be my favor backdoor on systems , rather than logging in
directly .

sticky keys sucks ;)