Full Disclosure mailing list archives
Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
From: bipin gautam <visitbipin () yahoo com>
Date: Sun, 22 Aug 2004 12:10:31 -0700 (PDT)
ZoneAlarm does not rely on file permissions to
protect
any configuration files. Configuration files are
protected
by our TrueVector(r) driver in the kernel.
then ALL YOU NEED TO DO, is to change the folder permissions to EVERYONE:
DENY, and NTFS will
not EVER allow you to recover this folder. ZA will
thus never operate
properly on this machine again.
Not really, I've discoverd a NTFS feature (BUG?). well... If you have system/administrative privilages in a disk.... you can read/modify a file even though it has "EVERYONE: DENY" permission set. All you have to do is read the file through RAW disk access... instead of going through the standard procedure. This will let you read/modify the file even-though it has the permission "EVERYONE: DENY" For quick demo. use any, file delete/recovery utility... to read a file that has EVERYONE: DENY permission set. -------------- But, this trick isn't limited to this... cauz i've foud some intresting thing. -------------- EVEN THOUGH ZA has its so called; !33t feature enabled, all a attacker has to do is, E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a {{{ and compress the folder (optional) }}} Next time, when ZAP or PC restarts... its so called, TrueVector(r) driver in the kernel will fail to load at all. (cheese!) Now, DOES ANYONE SEES A HOLE..... (O; bipin __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Unsecure file permission of ZoneAlarm pro., (continued)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. Barry Fitzgerald (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Ron DuFresne (Aug 20)