Vulnerability Development mailing list archives
Re: local security workaround through IE
From: jason.brvenik () USDOJ GOV (Jason Brvenik)
Date: Mon, 3 Apr 2000 10:33:40 -0400
Wouldn't it be a lot easier just to download a copy of poledit and edit the policy yourself?

Andrew Bennieston wrote:

Uh, isn't it easier to boot into safe mode and remove the security that way...?? Unless, of course, the boot keys have been disabled. Even then you can use a DOS boot floppy.

Also - how can I get into Safe Mode if I have a boot floppy, and the boot keys have been disabled on a PC? Is it some parameter on win.com??

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of H D Moore
Sent: 25 March 2000 05:45
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: local security workaroudn through IE

Hi,

I haven't heard of anyone doing this before, so here is my personal trick to break out of a 'secured' win 9x machine:

The MS Office suite is almost available for a user, regardless of what type of restricted computing environment one is in. Most of these 'security' tools rely on system policies (registry entries) and system level hooks for File->Open GUI's and Explorer Shell functions. Well, Microsoft included an entire visual basic development environment with each Office App, called VBA (Visual Basic for Applications). This can be accessed by the Visual Basic Editor item in the Macro menu in most M$ Office applications. VBA is not restricted to simple document parsing commands, in fact you could write your own Registry Editor, Process Manager, or Network Trojan with VBA (I have done all of the above for kicks) and hide it in a simple Word Document. Save this to a floppy and you will have your own System Policy Editor accessible whenever you need to remove those pesky security programs.

-HD
http://www.secureaustin.com

Robert wrote:

This isn't something that can be stopped (not to my knowledge at least without messing with the OS itself). Most software companies just rely on the fact that no one will notice that you can browse the HD with a http browser, or any other program that has file->open. However, if the software is good, then the only thing this will let you do is find out what packages are installed because they will have blocked the opening of any critical files (like *.bat, *.ini, et al). As well, most software doesn't let you run system critical executables (stuff like regedit which would allow you to turn off the software altogether). Anyway, it is a nifty little trick cause it lets you browse the HD when everyone else is sitting there thinking you can't. Oh, one more thing, if the 'run' option is still left in the start bar, the world is your oyster,

[ snip ]

again, we ARE talking about Windows "security" software :P. As for the OOBing, no comment.

Robert Kotz