Bypass winxp logs...

  1. #1

    Bypass winxp logs...

    this has been forwarded to microsoft too...
    -------------------------------
    just bypass any type of security logs, (antivirus logs, firewall logs, other security software logs, windows logs... everything just using a guest account...!)

    sounds crazy right, but here is a small trick...with a very Cray application,

    log on to a limited user or guest account in winxp...

    go to C:\WINDOWS\system32\config

    and just put the read-only attrib (if possible system attrib too) on AppEvent.Evt, SecEvent.Evt, SysEvent.Evt

    and if you really wanna bypass the logs of renowned software like Norton anti-virus (%programfilesdir%\norton antivirus\activity.log), and other different firewalls... just put a readonly attrib on their log files....

    they will stop monitoring your activity... and when you are done.. experimenting with things you want... just remove the attribs ... that's it... it will look as if nothing has happened (what if this secret is used by a trojan--- or to brute force the admin password... from a user account... !!!)

    after all there will be no logs, do as you wish


    THAT THING CAN BE DONE BY A 5 YEAR OLD KID !!!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Yes, but only a 5 year old kid who has admin rights, because the ACLs on those files look like this:

    Code:
    C:\WINNT\system32\config\AppEvent.Evt BUILTIN\Administrators:F
                                          BUILTIN\Administrators:F
                                          NT AUTHORITY\SYSTEM:F
    
    C:\WINNT\system32\config\SecEvent.Evt BUILTIN\Administrators:F
                                          BUILTIN\Administrators:F
                                          NT AUTHORITY\SYSTEM:F
    
    C:\WINNT\system32\config\SysEvent.Evt BUILTIN\Administrators:F
                                          BUILTIN\Administrators:F
                                          NT AUTHORITY\SYSTEM:F

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Yeah, those log files are owned by the admin, and require that level of permissions to change. That's the reason you need an admin account to clear log files.


    PuRe

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    hunter probably has his drive formatted in fat32, thus no ACLs, thus no expectation of local security. This is a non-issue.
    And besides, I just noticed he said "C:\windows\..." meaning he is NOT actually on win XP (AFAIK XP's sysdir is winnt)

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    9
    yap i am talking about fat32. There are still dozens of admins using fat32 for their convenience... You can't just babble around with your poor words brother because fat32 exists in the world. Don't be specific, and think dynamic...

    < It's like, i am talking about a disease that could infect you... you cry all around 'I AM VACCINATED' that's pointless...>

    I am not talking about changing the logs, just talking about putting the read-only attrib on the log...

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    You see, the problem with the way you say it (and perhaps just the fact that you say it) is that you are claiming a security vulnerability in winXP that in fact is a non-issue.

    Any admin still using fat32 and expecting security at the same time should be banned from the profession. By the way, what do you think microsoft's response to your message will be? (hint: "use NTFS").

    Oh and also, this is a security site, not a "haX0r" site. This means that if you really had wanted to write something helpful to the AO community, your message would have said "if you are using fat32 with winXP, anyone can stop windows from logging" (which really would have been a pointless post as everyone knows fat32 means no security).

    Oh and it's really not like your analogy; it's more like you're saying "jumping off a plane (without a parachute) will kill you"... No! really?

    Ammo
    Credit travels up, blame travels down -- The Boss

  7. #7
    Banned
    Join Date
    Apr 2003
    Posts
    9
    microsoft's response to your message will be? (hint: "use NTFS").
    --------------------------------
    Na, but MS could create extra restrictions for that goddy... as it does for other stuff, like creating an inbuilt policy that guest can't access that folder...

  8. #8
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    For the most part I agree with ammo. However, Windows XP's default install folder is c:\windows and not c:\winnt. IMHO, MS has done that because most programs written for Windows NT/2K will use the $systemroot variable, as WinNT is often installed to nonstandard drives/directories, while many (badly written) programs for Win9x use a hardcoded "C:\Windows" to access $systemroot.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
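
A defender-side check built on the ACL listing in post #2 and the FAT32 point in posts #4 to #6, added here as an example and not code from any poster: it parses cacls-style output and reports any principal other than Administrators or SYSTEM that can modify the event log files. The sample listing, the `BUILTIN\Users:C` entry and the function names are constructed for illustration; paths are assumed to contain no spaces.

```python
import re

# Principals expected to hold write access to the event logs (from post #2).
TRUSTED = {r"builtin\administrators", r"nt authority\system"}
# cacls letter codes that allow changing a file or its attributes.
WRITE_RIGHTS = {"F", "C", "W"}  # Full control, Change, Write

# Constructed sample in the layout shown in post #2; the Users entry is invented.
SAMPLE = r"""
C:\WINNT\system32\config\AppEvent.Evt BUILTIN\Administrators:F
                                      NT AUTHORITY\SYSTEM:F
C:\WINNT\system32\config\SecEvent.Evt BUILTIN\Administrators:F
                                      BUILTIN\Users:C
                                      NT AUTHORITY\SYSTEM:F
"""

def parse_cacls(text):
    """Return {path: [(principal, right), ...]} from cacls-style output."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # New file: "<path> <principal>:<right>" (path without spaces).
            parts = line.split(None, 1)
            current = parts[0]
            acls[current] = []
            if len(parts) == 1:
                continue
            entry = parts[1]
        elif current is None:
            continue  # continuation line with no file before it
        else:
            entry = line
        who, _, right = entry.strip().rpartition(":")
        # Drop inheritance flags such as (OI)(CI) in front of the letter code.
        right = re.sub(r"\([^)]*\)", "", right).strip()
        acls[current].append((who, right))
    return acls

def audit(text, filesystem="NTFS"):
    """List reasons the log files could be altered by a non-admin user."""
    findings = []
    if filesystem.upper() != "NTFS":
        findings.append(f"volume is {filesystem}: no ACLs are enforced on the log files")
    for path, entries in parse_cacls(text).items():
        for who, right in entries:
            if right in WRITE_RIGHTS and who.lower() not in TRUSTED:
                findings.append(f"{path}: {who} has {right}")
    return findings
```
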
