
Thread: Everybody noticed... (-: but no-one cared that much [winxp]

  1. #1

    Everybody noticed... (-: but no-one cared that much [winxp]

    Windows XP executes a default screen saver 'login.scr' after a certain time of inactivity in Windows: with, I guess, admin privilege!!! Even when no screen saver is specified or the screensaver is disabled by the user/administrator...
    Not to mention, this screen saver even pops up in the welcome screen if the user logon is delayed for a couple of minutes...
    Guess what... a person like me could replace a default "c:\windows\system32\login.scr <hUNT3R infeCted>
    I am not sure on this... /never got enough time to 100% assure this... <it starts with admin privilege> is there anyone out there to verify this...

    Anyway the solution could be...
    HKEY_USERS\.DEFAULT\Control Panel\Desktop
    Based on the same kind of trick I came up with an idea 4 years ago.
    Ok, here is a situation...
    Suppose you have to hack a network that is up 24/7. You have a guest/user access...
    YOUR admin monitors your work from a remote terminal...
    Here is what you could do...
    Replace the winword.exe with excel.exe <kidding>
    Replace the winword.exe with another winword.exe <hUNT3R infected> and wait until your admin simply clicks a *.doc
    Or you could tailor your stupidity to anything, like waiting for the network getting hacked with a sub7 after the admin right clicks his desktop
    Yap, this is possible by simply replacing some *.dlls, *.exes or....... *actually I forgot*
    Now don't toast me telling what if the SFC monitors your activity and restores the original system file when you try to replace it...
    Try disabling it by using this trick...
    and deleting sfc.exe and some *.dlls
    Happy hunting

  2. #2
    Senior Member
    Join Date
    Jan 2002
    No, on Windows NT, 2000 etc, if your C: drive is on NTFS (as Microsoft say it should be if you want any level of security), that file will be protected by an ACL which doesn't allow untrusted users to access it.

    Also, under Windows 2000 it may be protected by Windows File Protection (not checked this) - although this is academic anyway if the ACL doesn't allow it to be overwritten.

    Do you have any Windows sysadmin experience at all, except for your lame WinXP box with FAT32 on its C: drive? Have you read anything about windows security?

    C:\WINNT\system32>cacls logon.scr
    C:\WINNT\system32\logon.scr BUILTIN\Administrators:(OI)(CI)F
                                NT AUTHORITY\SYSTEM:(OI)(CI)F
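
Added example, not part of any post in this thread: the ACL check shown in reply #2, turned into a small Python audit that parses cacls output and reports any principal outside an assumed trusted set that can modify the file. The function names, the trusted set, and the WEAK and NO_ACL sample outputs are constructed for illustration; PAGE_OUTPUT is the output quoted in reply #2.

```python
import re

# Assumption: only these principals should be able to modify a system binary.
TRUSTED = {"builtin\\administrators", "nt authority\\system"}
# cacls rights letters that allow modification: F(ull), C(hange), W(rite).
WRITE_RIGHTS = {"F", "C", "W"}
# One simple ACE: PRINCIPAL:(FLAG)(FLAG)RIGHT, e.g. BUILTIN\Administrators:(OI)(CI)F
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[FCWRN])$")

PATH = r"C:\WINNT\system32\logon.scr"
PAGE_OUTPUT = r"""C:\WINNT\system32\logon.scr BUILTIN\Administrators:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)F"""
# Constructed: a weak ACL that lets every user overwrite the file.
WEAK = r"""C:\WINNT\system32\logon.scr Everyone:F
                            BUILTIN\Users:R
                            NT AUTHORITY\SYSTEM:F"""
# Constructed placeholder for output that contains no ACEs at all,
# as on a volume without ACL support (the FAT32 case raised in the thread).
NO_ACL = "<cacls error text: volume is not NTFS>"


def parse_cacls(path, output):
    """Return [(principal, [flags], right)] from simple cacls output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        # The first line starts with the file path; continuation lines do not.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if m:
            flags = re.findall(r"\((\w+)\)", m["flags"])
            aces.append((m["who"], flags, m["right"]))
    return aces


def audit(path, output):
    """Return findings: untrusted principals with write-capable rights."""
    aces = parse_cacls(path, output)
    if not aces:
        return [f"{path}: no ACL entries found (not an NTFS volume?)"]
    return [f"{path}: {who} has {right}" for who, _flags, right in aces
            if right in WRITE_RIGHTS and who.lower() not in TRUSTED]


if __name__ == "__main__":
    for name, sample in (("page", PAGE_OUTPUT), ("weak", WEAK), ("no-acl", NO_ACL)):
        print(name, audit(PATH, sample) or "OK")
```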

  3. #3
    Senior Member
    Join Date
    Sep 2001
    NT4 had very weak default ACLs; W2k fixed that (and experienced admins fixed that by hand in NT4).

    Credit travels up, blame travels down -- The Boss

  4. #4
    Join Date
    Apr 2003
    Yap, I am talking about FAT32. There are still dozens of admins using FAT32 for their convenience... You can't just babble around with your poor words, brother, because FAT32 exists in the world. Don't be specific, and think dynamic...

    < It's like, I am talking about a disease that could infect you... you cry all around 'I AM VACCINATED' that's pointless...>
