Vulnerability Development mailing list archives
Re: local security workaround through IE
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Fri, 24 Mar 2000 23:45:17 -0600
Hi,

I haven't heard of anyone doing this before, so here is my personal trick to break out of a 'secured' win 9x machine:

The MS Office suite is almost available for a user, regardless of what type of restricted computing environment one is in. Most of these 'security' tools rely on system policies (registry entries) and system level hooks for File->Open GUIs and Explorer Shell functions. Well, Microsoft included an entire Visual Basic development environment with each Office App, called VBA (Visual Basic for Applications). This can be accessed by the Visual Basic Editor item in the Macro menu in most M$ Office applications. VBA is not restricted to simple document parsing commands; in fact you could write your own Registry Editor, Process Manager, or Network Trojan with VBA (I have done all of the above for kicks) and hide it in a simple Word Document. Save this to a floppy and you will have your own System Policy Editor accessible whenever you need to remove those pesky security programs.

-HD
http://www.secureaustin.com

Robert wrote:
This isn't something that can be stopped (not to my knowledge at least without messing with the OS itself). Most software companies just rely on the fact that no one will notice that you can browse the HD with an HTTP browser, or any other program that has File->Open. However, if the software is good, then the only thing this will let you do is find out what packages are installed because they will have blocked the opening of any critical files (like *.bat, *.ini, et al). As well, most software doesn't let you run system critical executables (stuff like regedit which would allow you to turn off the software altogether). Anyway, it is a nifty little trick 'cause it lets you browse the HD when everyone else is sitting there thinking you can't. Oh, one more thing, if the 'run' option is still left in the start bar, the world is your oyster,
[ snip ]
again, we ARE talking about Windows "security" software :P. As for the OOBing, no comment.

Robert Kotz