Vulnerability Development mailing list archives
Re: local security workaround through IE
From: andrew () BENNIESTON FREESERVE CO UK (Andrew Bennieston)
Date: Fri, 31 Mar 2000 19:07:23 +0100
Uh, isn't it easier to boot into safe mode and remove the security that way...?? Unless, of course, the boot keys have been disabled. Even then you can use a DOS boot floppy.

Also - How can I get into Safe Mode if I have a boot floppy, and the boot keys have been disabled on a PC? Is it some parameter on win.com??

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of H D Moore
Sent: 25 March 2000 05:45
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: local security workaroudn through IE

Hi,

I haven't heard of anyone doing this before, so here is my personal trick to break out of a 'secured' win 9x machine:

The MS Office suite is almost available for a user, regardless of what type of restricted computing environment one is in. Most of these 'security' tools rely on system policies (registry entries) and system level hooks for File->Open GUIs and Explorer Shell functions. Well, Microsoft included an entire Visual Basic development environment with each Office App, called VBA (Visual Basic for Applications). This can be accessed by the Visual Basic Editor item in the Macro menu in most M$ Office applications.

VBA is not restricted to simple document parsing commands, in fact you could write your own Registry Editor, Process Manager, or Network Trojan with VBA (I have done all of the above for kicks) and hide it in a simple Word Document. Save this to a floppy and you will have your own System Policy Editor accessible whenever you need to remove those pesky security programs.

-HD
http://www.secureaustin.com

Robert wrote:
This isn't something that can be stopped (not to my knowledge at least without messing with the OS itself). Most software companies just rely on the fact that no one will notice that you can browse the HD with a http browser, or any other program that has file->open. However, if the software is good, then the only thing this will let you do is find out what packages are installed because they will have blocked the opening of any critical files (like *.bat, *.ini, et al). As well, most software doesn't let you run system critical executables (stuff like regedit which would allow you to turn off the software altogether). Anyway, it is a nifty little trick cause it lets you browse the HD when everyone else is sitting there thinking you can't. Oh, one more thing, if the 'run' option is still left in the start bar, the world is your oyster,
[ snip ]
again, we ARE talking about Windows "security" software :P. As for the OOBing, no comment.

Robert Kotz
Current thread:
- Re: local security workaroudn through IE Robert (Mar 24)
- Re: local security workaroudn through IE H D Moore (Mar 24)
- Re: local security workaround through IE Andrew Bennieston (Mar 31)
- <Possible follow-ups>
- Re: local security workaroudn through IE BLiND _ (Mar 27)
- Re: local security workaroudn through IE H D Moore (Mar 24)