Re: local security workaround through IE

[jason.brvenik () USDOJ GOV (Jason Brvenik)]

Wouldn't it be a lot easier just do download a copy of poledit and edit
the policy yourself?

Andrew Bennieston wrote:
> Approved-By: BlueBoar () THIEVCO COM
> Delivered-To: vuln-dev () lists securityfocus com
> Delivered-To: vuln-dev () securityfocus com
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
> X-To: vuln-dev () securityfocus com
>
> Uh, Isn't it easier to boot into safe mode and remove the security that
> way...??
>
> Unless, of course the boot keys have been disabled. Even then you can
> use a
> DOS boot floppy.
> Also - How can I get into Safe Mode if I have a boot floppy, and the
> boot
> keys have been disabled on a PC? Is it some parameter on win.com??
>
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of H D
> Moore
> Sent: 25 March 2000 05:45
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Re: local security workaroudn through IE
>
> Hi,
>
> I havent heard of anyone doing this before, so here is my personal trick
> to break out of a 'secured' win 9x machine:
>
> The MS Office suite is almost available for a user, regardless of what
> type of restriced computing environment one is in.  Most of these
> 'security' tools relay on system policies (registry entries) and system
> level hooks for File->Open GUI's and Explorer Shell functions.  Well
> Microsoft included an entire visual basic devlopment environment with
> each Office App, called VBA (Visual Basic for Applications).  This can
> be accessed by the Visual Basic Editor item in the Macro menu in most M$
> Office applications.  VBA is not restricted to simple document parsing
> commands, in fact you could write your own Registry Editor, Process
> Manager, or Network Trojan with VBA (I have done all of the above for
> kicks) and hide it in a simple Word Document.  Save this to a floppy and
> you will have your own System Policy Editor accessible whenever you need
> to remove thsoe pesky security programs.
>
> -HD
>
> http://www.secureaustin.com
>
> Robert wrote:
> > This isn't something that can be stopped (not to my knowledge at least
> > without messing with the OS itself). Most software companies just rely
> > on the fact that no one will notice that you can browse the HD with a
> > http browser, or any other program that has file->open. However, if
> the
> > software is good, then the only thing this will let you do is find out
> > what packages are installed because they will have blocked the opening
> > of any critical files (like *.bat, *.ini, et al). As well, most
> software
> > doesn't let you run system critical executables (stuff like regedit
> > which would allow you to turn off the software altogether). Anyway, it
> > is a nifty little trick cause it lets you browse the HD when everyone
> > else is sitting there thinking you can't. Oh, one more thing, if the
> > 'run' option is still left in the start bar, the world is your oyster,
> [ snip ]
> > again, we ARE talking about Windows "security" software :P. As for the
> > OOBing, no comment.
> >
> > Robert Kotz