Printable View
for me it's ok
it took me just 15 minutes to get around thr restictions .... just should make the admin think about the security...
but i'm localadmin at work and ...uh...one of the networkadmins do smile at me every time we met
so i have to find out my limmits myself - with possibility of loosing internet access for all tere grouped users...so...think before you will act
btw... i'm coming to connect from a "blacklisted" server(gate) :))
Lepricaun,
Chill out mate :) some of us have been following your threads and see what you are doing. I have done the same myself in the past...........
I would be given a machine with user rights to see if there were any holes? the logic being that I was as good or better than the "best user" and that as I was on the development/project management/apps support side I was not really "tainted" with insider admin department knowledge.
OK I did help out on that side and have both local and sysadmin access, but that was not the idea of the testing that I did. It was pure security testing, really not that different, logically, from the systems and user acceptance testing that my guys would do?.
If you want to know how to break an application.............give it to a user :D
Cheers
Err, no, not quite, you see, you didn't acctualy specify your motives in THIS thread. I hadn't read the others, and I don't really care either, if you don't explain your reasons for wanting this info then you better expect to be told to **** off.Quote:
Originally posted here by lepricaun
and your age??? eight???
no, i'm 25 and if you did some research before you come up with these types of accusations, you'd know this isn't neccesary!!!
view this threads:
http://www.antionline.com/showthread...hreadid=254315
http://www.antionline.com/showthread...hreadid=253958
and by the way, what is wrong with testing the security ( hacking ) if it is with permission???
Have you attempted to spawn the process from another application that is allowed, for instance the web browser?
Also, what version of antivirus software are you using? Any way to exploit the update feature to spawn a system process?
What about running Windows Update (system privelages), then spawning a command prompt from the address bar using IE's explorer integration? (Of course, file system restriction may prevent this.)
Can you select "New Task" from the task manager?
does the local admin account autologon when the PC is booted into safe mode? Could a user use this to root the PC by adding a local account with admin access that has the same name as their domain logon?
Just brainstorming some ideas here.
lepricaun, actually i looked over your posts before i tried to help (although ive been none). but unfortunatly...as far as i can tell right now, if a computer is completly current with its patches and the command prompt is disabled along with command prompt script processing theres no way (that ive found so far) to escuate privilages in order to remove these restrictions because they all require a command prompt of one form or another.
i tried everything i can think of but if a machine is fully patched theres no vuln with which to attack from the outside and create a shell with system privilages. i made a shortcut and started netcat detatched and and set it to run a morphed version of cmd on connect. i could connect to it but when it went to open a command shell i got "the administrator has disabled the command prompt"....on netcat!!...thats allot of nerve
so now we know that a program can run detached as long as it doesn't try to open a shell. im going to try making a pl script to do "something" and compile it with perl2exe to run without a console. maybe that will work.
yes, i'm sorry about that Noia, i might have been overreacting, but i just had a bad day yesterday, had the flue with fever and all, so sorry for my reaction, please just ignore it!Quote:
Err, no, not quite, you see, you didn't acctualy specify your motives in THIS thread. I hadn't read the others, and I don't really care either, if you don't explain your reasons for wanting this info then you better expect to be told to **** off.
yes, but even the browser is restricted, for instance, when i type c:\ in the browser i get the message that this is not allowed due to restrictions...Quote:
Have you attempted to spawn the process from another application that is allowed, for instance the web browser?
perhaps, were using trendmicro's officescan, and although i did some research about this program, i haven't found anything usefull yet...Quote:
Also, what version of antivirus software are you using? Any way to exploit the update feature to spawn a system process?
not possible, all done automatically, we can't even select "no" when the automatic updates are installed and the pop-up box askes you if you want to reboot your computer.Quote:
What about running Windows Update (system privelages), then spawning a command prompt from the address bar using IE's explorer integration? (Of course, file system restriction may prevent this.)
No, cannot even open the taskmgr...Quote:
Can you select "New Task" from the task manager?
haven't tried that yet, but i'm sure it doesn't autologon.. but i'll give it a try tomorrow!Quote:
does the local admin account autologon when the PC is booted into safe mode? Could a user use this to root the PC by adding a local account with admin access that has the same name as their domain logon?
i've tried running netcat too to get a shell by using"nc 127.0.0.1 1500" and that also gave me a shell, but the only command i can execute is "exit" all others are restricted!Quote:
lepricaun, actually i looked over your posts before i tried to help (although ive been none). but unfortunatly...as far as i can tell right now, if a computer is completly current with its patches and the command prompt is disabled along with command prompt script processing theres no way (that ive found so far) to escuate privilages in order to remove these restrictions because they all require a command prompt of one form or another.
i tried everything i can think of but if a machine is fully patched theres no vuln with which to attack from the outside and create a shell with system privilages. i made a shortcut and started netcat detatched and and set it to run a morphed version of cmd on connect. i could connect to it but when it went to open a command shell i got "the administrator has disabled the command prompt"....on netcat!!...thats allot of nerve
so now we know that a program can run detached as long as it doesn't try to open a shell. im going to try making a pl script to do "something" and compile it with perl2exe to run without a console. maybe that will work.
and i think my administrators are doing their job really well, but that just makes it more interesting to help them..
( and for my knowledge of course, since i'm planning on getting a job as system administrator too!)
i've tried adjusting the cmd.exe , taskmgr.exe and regedit.exe to look at another location of the registry to see if they are disabled, perhaps this will help?! i know it tomorrow, and i'll let you guys know!
what about dosbox ??
http://dosbox.sourceforge.net/
it's an x86 emulator with dos ;)
lepricaun! i got it! i got it.....god dam i got it!
at home logged into an admin account. in gpedit i disable dos prompt and checked disable dos scripting...click ok. try running a cmd prompt..."your administrator blah, blah blah". click on the executable contained in here tcmd202.zip from this page http://www.jpsoft.com/download.htm#free and voila!
its a 16bit free command com replacement called take command, that opens up a win3.1 type gui. i type in ftp xx.xxxx.xx.xxx and a regular dos box opens and asks for a user name...holy ****! i enter cmd and get ..."your administrator blah, blah blah". hmm! type in netstat and it open a dos box starts listing. YES!
i haven't looked a the_JinX's link im sure thats just as good if not better. but this works. it will fit on and run from a floppy and bill gates can kiss my polack ass.
forgive me but this has really been bugging me...oh well off to source fourge! thanks the_JinX
Would this little proggie work?
It was a little 5 minute thing and I'm a sloppy programmer; probably it could use some work. I tried it out, though, and it worked alright. But I don't know how to disable DOS prompt or scripting in Win2k :rolleyes: so I don't know if it would work under those circumstances. I think it might not. Maybe someone could compile that and give it a go? Probably going with TedBob's method would be easier. Just my $0.02 ;)Code:#include <iostream>
#include <cstdlib>
using namespace std;
int main()
{
char *str = new char;
loop:
cout << "command: ";
cin.getline(str,50);
system(str);
goto loop;
return 0;
}
See ya later,
mjk
thanks all for being such a help!!!!
unfortunately i'm sick at home at the moment, so i cannot test anything yet at my work..
hope to be at work tomorrow though!
Tedob1, since you were able to block the command prompt with policies, can you test this cmd.exe for me? i've attached it and changed one character in the string of the registry at which the program goes to check if it is disabled or not.
btw, if you do not trust the program, which i can understand, then patch it yourself, just open it with a hex-editor and search for:
D.i.s.a.b.l.e.C.M.D.
right after this word you'll see a string pointing to a registry key, just change microsoft into microzoft or something like that and save the program.
that's all i did..
this should work too, got the idea from stanger...
but i'm sure as hell gonna try all programs that you guys gave me too, the more options to get through this, the weaker the security!
but that rises another problem:
suppose these programs work, how the hell can they be blocked too, cause otherwise i just found a leak ( with help of you guys ), but without the cure!!!!