press ALT + F4 to kill the application you want or hit the power button to shut it off heheheee
can you start netcat from the run command without a console ( nc -L -p24 -ecmd.exe -d ) then with hyperterminal go to 127.0.0.1 on 24? don't have any machines that disallow cmd to test it on
As for WFP, wouldn't it be possible to tweak one of the cached files and then let WFP overwrite the real system file for you?
I must admit that your admin is tough...
But then again, you said that is easy to break admin pass... is that another security hole you two should consider...
Or it will be considered later, if you really end up with no solution for your current task?
On the other hand, you two probably want to test if an average user could compromise security.
I have to say, I'm out of suggestions for this one. I give up.
/me is starting IE with user rights... I wonder what this JS code is doing... ouch, I just erased some of my system files... damn, I got myself another WhenUsave grrrr
Quote:
can you start netcat from the run command without a console ( nc -L -p24 -ecmd.exe -d ) then with hyperterminal go to 127.0.0.1 on 24? don't have any machines that disallow cmd to test it on

already tried that, but you get the same problem: the command prompt is disabled by your administrator....

Quote:
As for WFP, wouldn't it be possible to tweak one of the cached files and then let WFP overwrite the real system file for you?

i've thought of that, but i can't believe that M$ would have made such a stupid mistake to allow that while they use the WFP system...
but i'll give it a try!

Quote:
But then again, you said that is easy to break admin pass... is that another security hole you two should consider...

check this thread:
http://www.antionline.com/showthread...hreadid=253958
the only way to solve this problem is to disallow physical access, but that's not an option...
oh and msmittens, power users can alter the registry too as far as i can remember, not that it would do me any good though :(
Hi lepricaun
Let me get this straight in my own mind :)
1. You are trying to harden a system right?
2. You are looking to establish a safe "vanilla" user set up?
3. Loading clever tools, cracking the admin pass etc. are outside the scope of this?
4. You are interested in loopholes that will give elevated authority/ability to access or introduce stuff onto the system from the "vanilla" user login?
5. In other words it is a computer aware user "buggering about", not a high tech attack, that we are concerned with?
Is this correct?
Cheers
ok.. have you been here? well more like tried to reverse what is mentioned in these links?
http://www.theeldergeek.com/run_comm...e_registry.htm
http://www.winguides.com/registry/display.php/876/
This is what I was talking about in an earlier post..
Cheers
<edit> just spied this..
Quote:
power users can alter the registry too as far as i can remember, not that it would do me any good though

Why won't it do any good? have I overlooked something in how easy it is for users to make a change to the registry? the yaha worm was able to change various registry policy entries on limited user accounts.. The only thing left is a registry Block program.. a bit more militant than Regprot..
Dunno if this was mentioned..
http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm
Quote:
Originally posted here by lepricaun
check this thread:
http://www.antionline.com/showthread...hreadid=253958
the only way to solve this problem is to disallow physical access, but that's not an option...

/me is getting screwdriver from back pocket
Actually I did read that post, and was involved in discussion, and gave some suggestion how to make things harder for intruder.
anyway, I think I have one more idea. Did you try to mess with login scripts... there is a feature that supports old clients (NT4 etc.). Maybe your admin left it in use, and user can access their folder. Just a thought.
Quote:
Actually I did read that post, and was involved in discussion, and gave some suggestion how to make things harder for intruder.

i know but like i said, i work at a repair center, so it will take me about 2 minutes to hang another fdd, cdrom or even hdd to the machine, no matter what they remove, it will be back in in a flash, only option is to remove the pc itself and only give us the keyboard, mouse and monitor, but that will make it very hard to do our work for us.....

Quote:
anyway, I think I have one more idea. Did you try to mess with login scripts... there is a feature that supports old clients (NT4 etc.). Maybe your admin left it in use, and user can access their folder. Just a thought.

haven't thought of that yet, perhaps it is a good possibility, i'll give it a thought!
if this works on 2k too, it would be a great program, this should solve the problem!Quote:
However, it is nice to have a tool what can do what i want, i still want to find out how it works, so a new challenge has been born :)
as for the other links Und3ertak3r, i'm glad you kept your promise, and got back to me, thanks a lot!
i will go and study those links, and more of the registry, cause this is a point of windows, where my knowledge is way too little for all i care!!!

Quote:
Let me get this straight in my own mind
1. You are trying to harden a system right?
2. You are looking to establish a safe "vanilla" user set up?
3. Loading clever tools, cracking the admin pass etc. are outside the scope of this?
4. You are interested in loopholes that will give elevated authority/ability to access or introduce stuff onto the system from the "vanilla" user login?
5. In other words it is a computer aware user "buggering about", not a high tech attack, that we are concerned with?
Is this correct?

yes, i think so, it is for the protection to others, but for myself, any high tech attack, without the use of tools (unless i know exactly how they work) would be a great opportunity to learn new things!
and cracking the admin pw is only interesting if it can be done on line with knowledge, not with lc4 or something like that, although i think it is a great tool, and the writer(s) have done a great job, it only works with admin rights, so that is not a threat in this case!
You should learn more about registry. Guess what? All policy settings are in registry. So, if you want to remove any restriction, just write some .reg file and put it in startup script...
I guess this will give you maybe a week to play with it... probably less...
Until then we'll have to think of more options...
start regedit, and search for "policy".... you will learn a lot of things
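
For the hardening side of the point made in the last post (policy restrictions are registry values, so whoever can write the policy keys can undo them), the following lists every non-administrative principal with write access to the per-user policy keys. This is an added example, not code from the thread or its participants; the key list, the trusted-SID allow-list and the function name Get-PolicyKeyWriters are assumptions, and it needs PowerShell, which postdates the Windows versions discussed.

```powershell
# Added example (not from the thread): who can write to the per-user policy keys?
# Run in the restricted user's session so HKCU: maps to that user's hive.
$policyKeys = @(
    'HKCU:\Software\Policies',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
)

# Rights that allow changing or removing a policy value. The two hex values are
# GENERIC_ALL and GENERIC_WRITE, which can appear unmapped on inherited ACEs.
$specific  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$specific -bor 0x10000000 -bor 0x40000000

# Principals expected to hold write access (assumed allow-list of well-known SIDs).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-PolicyKeyWriters {
    param([string[]]$Path)
    foreach ($key in $Path) {
        # A missing key has no ACL of its own to audit.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $acl   = Get-Acl -LiteralPath $key
        # Ask for SIDs directly so unresolvable accounts do not break the lookup.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
            $sid = $ace.IdentityReference.Value
            if ($trustedSids -contains $sid) { continue }
            [pscustomobject]@{
                Key       = $key
                Sid       = $sid
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# No rows means only SYSTEM and Administrators can change these keys.
Get-PolicyKeyWriters -Path $policyKeys | Format-Table -AutoSize
```

A row for the logged-on user or a broad group such as Users or Power Users means a restriction stored under that key can be changed from the limited account, which is the condition to fix in the key's permissions.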