Another way to get a dos prompt is via OLE objects :-))
Example:
Start WordPad , goto menu INSERT , OBJECT, CREATE FROM FILE and type
location of program you wish to start ( c:\command.com )
----- Original Message -----
From: "Blue Boar" <BlueBoar_at_THIEVCO.COM>
To: <VULN-DEV_at_SECURITYFOCUS.COM>
Sent: Saturday, March 25, 2000 10:02 AM
Subject: Re: local security workaround through IE
> Knud Erik Højgaard wrote:
> >
> > On many 'crippled' public computers (at libraries etc.) running some
sort
> > of restriction software, its possible to use file/open/browse in IE,
type
> > for instance c:\ as filename, and get a directory overview. Nice for
> > determining what kind of security software is running, (by looking in
> > 'program files' *doh daft admins*) deleting files etc. . This is not a
bug
> > in IE, just bad programming from the software dudes...i guess?
> > Right click the file you want to run, and instead of choosing the top
> > option called 'select', use #2 called 'open' ... sometimes access is
> > disallowed to certain files IE command.com etc. , but simply downloading
> > the file from somewhere else or copying it to another location usually
lets
> > you run pretty much whatever you want.
>
> I've managed to get my prompt back on an NT box I was configuring to be
> a kiosk via Netscape.. I secured it a bit too much during one round. :)
> You can reconfigure just about any mime type to execute an external
> program, say explorer.exe.
>
> I had netscape set to be the shell. It's easy to forget that changing
> everyone to no access overrides admin having any access, since
> everyone includes admin, and no access overrides any other ACLs. Whoops.
>
> > I've had loads of fun mass OOB'ing
> > libraries from one of their own machines..yes i know its lame, but i
kind
> > of like looking at 40 screens turning blue one after another..
> >
> > comments anyone ?
> >
>
> Yes, winnuking is lame. :)
>
> That was patched a long time ago... they're still vulnerable?
>
> BB
>
Received on Apr 05 2000
Intro
