Just in time for school to start - Bypassing Windows user/file restrictions
@ Articles -> Security     Aug 25 2004, 12:07 (UTC+0)


cleanfloor writes: Let's face it: We were (or are!) all students at one time, and during that time there were computers provided for our use, but unfortunately for us, they were usually quite locked down. These restrictions were generally in use to prevent A) outside software from being installed on the machines (for good reason), B) the accessing of files on the hard drive not meant to be viewed, and C) executing DOS commands. In a few short minutes you'll know how to do all three. This paper should be fun to read and easy to understand. What it will not be is a tutorial on how to crack your Windows password, steal your buddy's SAM file, or paw through the cache to find evidence that your girlfriend is cheating on you - and she is. All the methods described use nothing more than standard Windows software, so you should have no problem trying these out for yourself.



All these methods were tested on the latest/greatest Microsoft software and all work fine. While I discovered these methods for myself and have never seen them published anywhere else, that does not mean no one else has figured it out.

There are generally two types of lockout restrictions. The first is user based. Trying to install a program like AIM will give you something that looks like this:




[Screenshot: Trying to run AIM without admin privileges? Blasphemy!]


The other type of restriction is directory based, i.e., if you're user X you cannot write to any directory except your home space, or whatnot. However, it would be too easy to install a program to the home space, especially considering the sysadmin would catch on with a quickness - not to mention that not all readers of this will have some sort of SAN that gives every user a bit of space. What I propose is to install whatever software you like right on the local machine. But where, you ask? I don't have permissions to write to any directory...right? Wrong! You can write to /temp and /documents and settings/username/local settings/temp! Let's look at what happens when you try to install gaim to /temp.




[Screenshot: No problems at all, except the registry changes, but you can just ignore those]


So the moral of the story is installing programs is very easy, you just have to write them to temp space, either at the profile level, or the hard /temp directory. Even if you just want to download something and you can't 'see' the hard drive in the save menu, a simple c:\temp entered in the save-to path will allow you to download at will.

H'Ok, so, we can now install programs, but that's nothing if we can't run them! This is true, but in just a few mouse clicks, I'll show you that you can.

Every kiddie in the world knows the windows-r trick to run a program based on the path. So sysadmins around the world took the simple step to disable that. Now, upon pressing, you're greeted with a:




[Screenshot: Whoops, locked out of Windows shortcut keys]


Curses, foiled again! Ok, well, no problem, I'm still wicked l33t, I'll just pull a windows-e and explorer will pop up and I can hax0r the hard drive that way. Right? Well, unless your sysadmin is a complete jamoke, you'll probably see this:




[Screenshot: Gasp! Where is the hard drive? (ignore the SAN share)]


Well how then, Mr. Cleanfloor, how do I access the hard drive? Simple. First, open up Microsoft Word, and come on, it's a school computer, Word is going to be installed. Notepad, Paint, Wordpad, etc. will NOT work, although any Office app will be fine. Click on File, then Open, then type c:\ and hit enter, like this:






[Screenshot: First, enter c:\ for the path]

[Screenshot: Then, when you hit enter, you'll be greeted with this]


Bam, read and delete permissions. This is all well and good for text files, you're probably thinking, but how does this help me execute the program I just installed? Easy, just navigate to the directory where the program is installed, find the executable of the installed program, i.e., gaim.exe, and with the keyboard (as I've found sometimes the mouse is locked out), hit the right click button and go to 'Send To -> Desktop'. In an attempt to have computers that are remotely user-friendly, sysadmins will always leave execute permissions on for the desktop. And since we know that Office apps pretty much ignore user permissions, just send that shortcut right on to the desktop, minimize everything (windows-d), and double click on your shortcut. You'll be in business!

Almost there! This DOS command bit is really pretty unnecessary, except for all you old schoolers out there, but you are probably not in high school anymore ;-) The easiest way to get to a DOS shell would be to navigate to winroot(winnt/windows)/system32, and send a shortcut to command.com to the desktop. However, if your administrator has half a brain he will have manually disabled the shell and you'll get a locked out message. Not a problem, we'll just create a little batch file to run whatever commands we'd like!

First, a bit of review for those who may not be familiar with batch files. A batch file is a straight text file that will execute commands in sequence based on line breaks. Back in the day, you could create a batch file like this:




[Screenshot: Batch files are the new (or old) cron jobs]


So this would print out a directory listing, then change to / (c:\, if you're on the c drive), copy log.txt to logbackup.txt, then clear the screen. Pretty useless, yes; it's just to illustrate a point. To save the batch file you hit ctrl-z, then hit enter. That's it! Simple, no? Well, it gets even easier. Just put the commands on different lines in notepad or some text editor and save it as .bat. Then just run it, and bam, you'll have access to pretty much any DOS command you want.
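From the administrator's side, both the temp-directory installs and the batch files described above leave files on disk that can be inventoried. The following is an added example, not part of the original article: a Python scan that flags Windows executables by their MZ header (so a renamed file is still caught) and scripts by extension. The function names, the extension list and the sample tree are assumptions constructed for this example.

```python
import os
import tempfile

# Script types the Windows shell runs directly; this list is an assumption of the example.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}


def classify(path):
    """Return 'pe' for an MZ-headed file, 'script' for a shell script, else None."""
    try:
        with open(path, "rb") as fh:
            magic = fh.read(2)
    except OSError:
        return None  # unreadable or locked file: skip rather than abort the scan
    if magic == b"MZ":  # DOS/PE header, present whatever the file is named
        return "pe"
    if os.path.splitext(path)[1].lower() in SCRIPT_EXTS:
        return "script"
    return None


def scan(roots):
    """Walk each root and return sorted (kind, path) findings."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                kind = classify(full)
                if kind:
                    findings.append((kind, full))
    return sorted(findings)


def build_sample(base):
    """Constructed sample tree standing in for a user-writable temp directory."""
    os.makedirs(os.path.join(base, "gaim"))
    samples = {
        os.path.join("gaim", "gaim.exe"): b"MZ" + b"\x00" * 62,  # fake PE stub
        "notes.dat": b"MZ" + b"\x00" * 62,  # MZ header under a non-.exe name
        "run.bat": b"dir\r\ncls\r\n",
        "essay.txt": b"homework",
    }
    for rel, data in samples.items():
        with open(os.path.join(base, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    # On a real machine, pass the user-writable paths (e.g. r"C:\temp") to scan().
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        for kind, path in scan([base]):
            print(kind, os.path.relpath(path, base))
```

Executables and scripts turning up under these paths are what path-based execution rules such as Software Restriction Policies are meant to block.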

Now, there is nothing Earth shattering in this paper. I'm just a small guy helping you avoid the small Windows annoyances. As a side note, yes I submitted these ideas to Microsoft years ago, but I never heard back.
