press Alt + F4 to kill the application you want, or hit the power button to shut it off heheheee
can you start netcat from the Run command without a console (nc -L -p24 -ecmd.exe -d), then with HyperTerminal go to 127.0.0.1 on port 24? I don't have any machines that disallow cmd to test it on
As for WFP, wouldn't it be possible to tweak one of the cached files and then let WFP overwrite the real system file for you?
I must admit that your admin is tough...
But then again, you said that it is easy to break the admin pass... is that another security hole you two should consider...
Or will it be considered later, if you really end up with no solution for your current task?
On the other hand, you two probably want to test if an average user could compromise security.
I have to say, I'm out of suggestions for this one. I give up.
/me is starting IE with user rights... I wonder what this JS code is doing... ouch, I just erased some of my system files... damn, I got myself another WhenUSave grrrr
already tried that, but you get the same problem: the command prompt is disabled by your administrator....
Quote:
can you start netcat from the Run command without a console (nc -L -p24 -ecmd.exe -d), then with HyperTerminal go to 127.0.0.1 on port 24? I don't have any machines that disallow cmd to test it on
i've thought of that, but i can't believe that M$ would have made such a stupid mistake to allow that while they use the WFP system...
Quote:
As for WFP, wouldn't it be possible to tweak one of the cached files and then let WFP overwrite the real system file for you?
but i'll give it a try!
check this thread:
Quote:
But then again, you said that it is easy to break the admin pass... is that another security hole you two should consider...
http://www.antionline.com/showthread...hreadid=253958
the only way to solve this problem is to disallow physical access, but that's not an option...
oh and msmittens, power users can alter the registry too as far as i can remember, not that it would do me any good though :(
Hi lepricaun
Let me get this straight in my own mind :)
1. You are trying to harden a system, right?
2. You are looking to establish a safe "vanilla" user set up?
3. Loading clever tools, cracking the admin pass etc. are outside the scope of this?
4. You are interested in loopholes that will give elevated authority/ability to access or introduce stuff onto the system from the "vanilla" user login?
5. In other words it is a computer aware user "buggering about", not a high tech attack, that we are concerned with?
Is this correct?
Cheers
ok.. have you been here? well, more like tried to reverse what is mentioned in these links?
http://www.theeldergeek.com/run_comm...e_registry.htm
http://www.winguides.com/registry/display.php/876/
This is what I was talking about in an earlier post..
Cheers
<edit> just spied this..
Why won't it do any good? Have I overlooked something in how easy it is for users to make a change to the registry? The Yaha worm was able to change various registry policy entries on limited user accounts.. The only thing left is a registry block program.. a bit more militant than Regprot..
Quote:
power users can alter the registry too as far as i can remember, not that it would do me any good though
Dunno if this was mentioned..
http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm
/me is getting screwdriver from back pocket
Quote:
Originally posted here by lepricaun
check this thread:
http://www.antionline.com/showthread...hreadid=253958
the only way to solve this problem is to disallow physical access, but that's not an option...
Actually I did read that post, and was involved in the discussion, and gave some suggestions on how to make things harder for an intruder.
anyway, I think I have one more idea. Did you try to mess with login scripts... there is a feature that supports old clients (NT4 etc.). Maybe your admin left it in use, and users can access their folder. Just a thought.
i know, but like i said, i work at a repair center, so it will take me about 2 minutes to hang another FDD, CD-ROM or even HDD on the machine; no matter what they remove, it will be back in a flash. the only option is to remove the PC itself and only give us the keyboard, mouse and monitor, but that would make it very hard for us to do our work.....
Quote:
Actually I did read that post, and was involved in the discussion, and gave some suggestions on how to make things harder for an intruder.
haven't thought of that yet, perhaps it is a good possibility, i'll give it a thought!
Quote:
anyway, I think I have one more idea. Did you try to mess with login scripts... there is a feature that supports old clients (NT4 etc.). Maybe your admin left it in use, and users can access their folder. Just a thought.
if this works on 2k too, it would be a great program, this should solve the problem!
However, it is nice to have a tool that can do what i want, i still want to find out how it works, so a new challenge has been born :)
as for the other links Und3ertak3r, i'm glad you kept your promise and got back to me, thanks a lot!
i will go and study those links, and more of the registry, cause this is a part of windows where my knowledge is way too little for all i care!!!
yes, i think so, it is for the protection of others, but for myself, any high tech attack without the use of tools (unless i know exactly how they work) would be a great opportunity to learn new things!
Quote:
Let me get this straight in my own mind
1. You are trying to harden a system, right?
2. You are looking to establish a safe "vanilla" user set up?
3. Loading clever tools, cracking the admin pass etc. are outside the scope of this?
4. You are interested in loopholes that will give elevated authority/ability to access or introduce stuff onto the system from the "vanilla" user login?
5. In other words it is a computer aware user "buggering about", not a high tech attack, that we are concerned with?
Is this correct?
and cracking the admin pw is only interesting if it can be done online with knowledge, not with LC4 or something like that; although i think it is a great tool, and the writer(s) have done a great job, it only works with admin rights, so that is not a threat in this case!
You should learn more about the registry. Guess what? All policy settings are in the registry. So, if you want to remove any restriction, just write some .reg file and put it in a startup script...
I guess this will give you maybe a week to play with it... probably less...
Until then we'll have to think of more options...
start regedit, and search for "policy".... you will learn a lot of things
thanks for the hint, but that much i already knew :)
problem is that all policies are controlled from the domain, not locally, so changing the registry locally wouldn't make a difference, tried that already :(
this doesn't work here, same problem, not a local policy!!
Quote:
Quote:
Dunno if this was mentioned..
http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm
if this works on 2k too, it would be a great program, this should solve the problem!
However, it is nice to have a tool that can do what i want, i still want to find out how it works, so a new challenge has been born
this system is really nicely restricted!
but there has to be a way, and i will find it!!!!
Hm.... I thought that local policy runs last...
Once I had to set something, and a change in the registry overrode the domain policy... well, until next logon of course... but I guess that needs admin privileges... damn... did you check those legacy NT4 login scripts.. they are usually overlooked?
yes, your admin gave you a tough one... btw, how many times did he have to change the policy due to your discoveries?
he had to change the policies about 6-7 times in total.
as for the logon scripts, where exactly can they be found on 2k?
cause i've been searching on the system, but haven't found anything useful....
as for the registry settings for local policies, it could be that you're right, i'll have to test it with the taskmgr, but since i haven't got another 2k system at hand, i don't know which key i should change for this, since i can not view the registry on this system....
gotta install 2k on another system first....
Now I have to try to remember my MCP classes.... few years ago...
basically, when you deploy Active Directory, there is a network share on the DC for policies and login/logoff scripts for NT4, because NT4 workstations can't read GPOs... there must be some more info on support.microsoft.com ... I'll try to do a little search too..
as for the registry, one bit of info... when you deploy a GPO, all settings, restrictions etc. are then written to the registry.. that is how the local system knows what is permitted and what isn't...
You will have to lay your hands on one (w2k and XP are similar, but I never checked if they are the same)... the only thing you have to do is to make a .reg file run on startup and set the key for blocking cmd or taskmgr to 0x00000000...
I might find it for you, but then I would spoil everything, wouldn't I?
If you set up another w2k, make sure that you make at least a local policy with similar rules, so that the proper registry keys are created...
I found this one on Microsoft... there should be some interesting reading here
http://www.microsoft.com/windows2000...nt/default.asp
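The two posts above (the .reg-file-at-startup hint and the explanation that a GPO is applied by writing values into the registry) can be checked on a test box with the script below. It is an added example, not code posted by anyone in this thread. The key paths and value names (DisableCMD, DisableTaskMgr, DisableRegistryTools, NoRun) are the documented locations for the corresponding user policies; the list of policies, the function names and the output layout are my own choices, and the .reg text is the kind of file the post describes, written out so you can see exactly what it would change. PowerShell did not exist on Windows 2000, so on such a box the same checks are done by hand with regedit and secedit, as noted in the comments.

```powershell
# Added example: audit the per-user policy values discussed in the thread,
# then force a policy refresh and see whether the domain GPO puts them back.
# Key/value names are the documented policy locations; everything else here
# is an illustrative choice, not something taken from the thread.

$policies = @(
    @{ Name = 'DisableCMD';           Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                  Meaning = 'Prevent access to the command prompt' },
    @{ Name = 'DisableTaskMgr';       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Meaning = 'Remove Task Manager' },
    @{ Name = 'DisableRegistryTools'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Meaning = 'Prevent access to registry editing tools' },
    @{ Name = 'NoRun';                Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Meaning = 'Remove Run from Start menu' }
)

function Get-PolicyState {
    # One row per policy: the raw DWORD (or $null if the value is absent) and
    # whether it is currently in effect for this user.
    foreach ($p in $policies) {
        $item  = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        $value = if ($null -eq $item) { $null } else { $item.($p.Name) }
        [pscustomobject]@{
            Policy  = $p.Meaning
            Value   = $value
            Enabled = ($null -ne $value -and $value -ne 0)
            Key     = "$($p.Path)\$($p.Name)"
        }
    }
}

function Invoke-PolicyRefresh {
    # Re-apply Group Policy for the current user. gpupdate exists on XP/2003
    # and later; Windows 2000 ships secedit for the same purpose.
    if (Get-Command gpupdate.exe -ErrorAction SilentlyContinue) {
        gpupdate.exe /target:user /force | Out-Null
    } else {
        secedit.exe /refreshpolicy user_policy /enforce | Out-Null
    }
}

# This is the file the post talks about: merging it (regedit /s unlock.reg)
# from a startup script resets the restriction values to 0. Nothing below
# merges it; it is only written out so the content is visible.
$unlockReg = @'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
'@
Set-Content -Path (Join-Path $env:TEMP 'unlock.reg') -Value $unlockReg

Write-Host '--- policy values before refresh ---'
Get-PolicyState | Format-Table -AutoSize

# Who may write to the policy keys? If the user's own account can, a .reg
# merged at logon changes them; the next refresh decides whether it sticks.
foreach ($key in ($policies.Path | Sort-Object -Unique)) {
    Write-Host "ACL on $key"
    (Get-Acl -Path $key -ErrorAction SilentlyContinue).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
}

Invoke-PolicyRefresh

Write-Host '--- policy values after refresh ---'
Get-PolicyState | Format-Table -AutoSize
```

Run it once from the restricted account before and once after merging the .reg file: if the "after refresh" table shows the values back at 1, the restriction is being enforced from the domain and a local registry edit only buys time until the next logon or background refresh, which is the "maybe a week... probably less" caveat in the post. On a box with only a local policy (gpedit.msc), the refresh reapplies the local setting in the same way.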
thanks, i'll go check it out!!!
****EDIT****
installed w2k on my notebook, but forgot that i can not make a mirror of my system at home, since the server used at work is w2k server, which has many more configuration options for the policies.
even after changing the policies so that one specific user (named "user") can do nothing else except shut down the system and log on locally, this account still has many more privileges than my account at work :(
so have to get w2k server first before i can continue...
meanwhile i'll keep searching for articles about the registry of w2k, especially for the policies..
i'll let you guys know if i find something...
if you know any good articles/tutorials please let me know!
****EDIT****
you don't have to bother with w2k server...
if your notebook has a NIC, just make it a member of your work domain...
you will get all policies you need to check out.
but that's gonna be a problem, i can't just add a computer to the domain; a password is needed for this, and they wouldn't like it if i used their password to add my notebook...
so that's not an option i'm afraid....
you still don't need server...
on your notebook, start gpedit.msc... that is for local policies... that should give you enough options for running programs and blocking them...
gee, thanks!
Quote:
you still don't need server...
on your notebook, start gpedit.msc... that is for local policies... that should give you enough options for running programs and blocking them...
there are some policies here that i've missed, this should do the trick!!!