Re: local security workaround through IE

[kain () EGOTRIP DK (Knud Erik Højgaard)]

yup..this is a library .. i know winnuking is lame..and patched...but ..
public (read - government) places at least in Denmark dont see the need to
upgrade their win95 to win98 or NT, as it works the same way and costs too
much money. They think like this i suppose 'we are running desktop
restriction software, so no users can do bad things, and we are also
running a very expensive firewall (i suppose they think it works right out
of the box w/o configuring it), so no harm can bestow upon us. ... i guess
they're wrong. I hid ftpd's and other nice stuff on their computers, the
firewall allows for .exe downloading and so on. Actually i used that
reconfiguring mime type in netscape too..totally forgot about that one. I
downloaded mirc installation.exe and told netscape to open all .exe with
that one..and hey presto...the /run command in mirc is very usefull.
/remove too .. and by the way .. usually switching the computer on/off a
few times brings up scandisk, which can be terminated with a CTRL-C .. it
then says 'do you really want to stop scandisk' or something like
that...CTRL-C again terminates it(as far as i can remember...haven't done
it for a while, got better stuff to do with my time now), and leaves you at
a nice C:\> prompt ... some of the worst scenarios even left me with the
'starting win9x' thing where you can press F8 and get that nice
bootmenu...failsafe command prompt only please. Thank you. 

Oh well.. just a few thoughts/comments.

Knud Erik Højgaard
The Helldesk worker

At 23:02 24-03-00 -0800, you wrote:
> Knud Erik Højgaard wrote:
> > On many 'crippled' public computers (at libraries etc.) running some sort
> > of restriction software, its possible to use file/open/browse in IE, type
> > for instance c:\ as filename, and get a directory overview. Nice for
> > determining what kind of security software is running, (by looking in
> > 'program files' *doh daft admins*) deleting files etc. . This is not a bug
> > in IE, just bad programming from the software dudes...i guess?
> > Right click the file you want to run, and instead of choosing the top
> > option called 'select', use #2 called 'open' ... sometimes access is
> > disallowed to certain files IE command.com etc. , but simply downloading
> > the file from somewhere else or copying it to another location usually lets
> > you run pretty much whatever you want.
>
> I've managed to get my prompt back on an NT box I was configuring to be
> a kiosk via Netscape.. I secured it a bit too much during one round. :)
> You can reconfigure just about any mime type to execute an external
> program, say explorer.exe.
>
> I had netscape set to be the shell.  It's easy to forget that changing
> everyone to no access overrides admin having any access, since
> everyone includes admin, and no access overrides any other ACLs.  Whoops.
>
> > I've had loads of fun mass OOB'ing
> > libraries from one of their own machines..yes i know its lame, but i kind
> > of like looking at 40 screens turning blue one after another..
> >
> > comments anyone ?
>
> Yes, winnuking is lame. :)
>
> That was patched a long time ago... they're still vulnerable?
>
>                                       BB