


Vulnerability Development: Re: local security workaround through IE

Re: local security workaround through IE

From: Jason Brvenik <jason.brvenik_at_USDOJ.GOV>
Date: Mon, 3 Apr 2000 10:33:40 -0400

Wouldn't it be a lot easier just to download a copy of poledit and edit
the policy yourself?

Andrew Bennieston wrote:
>
> Uh, isn't it easier to boot into safe mode and remove the security that
> way...??
>
> Unless, of course, the boot keys have been disabled. Even then you can
> use a DOS boot floppy.
> Also - How can I get into Safe Mode if I have a boot floppy, and the boot
> keys have been disabled on a PC? Is it some parameter on win.com??
>
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEV_at_SECURITYFOCUS.COM] On Behalf Of H D Moore
> Sent: 25 March 2000 05:45
> To: VULN-DEV_at_SECURITYFOCUS.COM
> Subject: Re: local security workaround through IE
>
> Hi,
>
> I haven't heard of anyone doing this before, so here is my personal trick
> to break out of a 'secured' win 9x machine:
>
> The MS Office suite is almost available for a user, regardless of what
> type of restricted computing environment one is in. Most of these
> 'security' tools rely on system policies (registry entries) and system
> level hooks for File->Open GUI's and Explorer Shell functions. Well,
> Microsoft included an entire visual basic development environment with
> each Office App, called VBA (Visual Basic for Applications). This can
> be accessed by the Visual Basic Editor item in the Macro menu in most M$
> Office applications. VBA is not restricted to simple document parsing
> commands, in fact you could write your own Registry Editor, Process
> Manager, or Network Trojan with VBA (I have done all of the above for
> kicks) and hide it in a simple Word Document. Save this to a floppy and
> you will have your own System Policy Editor accessible whenever you need
> to remove those pesky security programs.
>
> -HD
>
> http://www.secureaustin.com
>
> Robert wrote:
> >
> > This isn't something that can be stopped (not to my knowledge at least
> > without messing with the OS itself). Most software companies just rely
> > on the fact that no one will notice that you can browse the HD with a
> > http browser, or any other program that has file->open. However, if the
> > software is good, then the only thing this will let you do is find out
> > what packages are installed because they will have blocked the opening
> > of any critical files (like *.bat, *.ini, et al). As well, most software
> > doesn't let you run system critical executables (stuff like regedit
> > which would allow you to turn off the software altogether). Anyway, it
> > is a nifty little trick cause it lets you browse the HD when everyone
> > else is sitting there thinking you can't. Oh, one more thing, if the
> > 'run' option is still left in the start bar, the world is your oyster,
> [ snip ]
> > again, we ARE talking about Windows "security" software :P. As for the
> > OOBing, no comment.
> >
> > Robert Kotz
Received on Apr 03 2000
