Re: zOMG WINDOZE 7!!!
Posted: Mon Jun 01, 2009 3:07 pm
This is a recent security suite?
Ferrarius wrote:
At the secondary school I attended they at some point installed an app on all the computers that should prevent us from visiting wrong pages and starting apps that shouldn't be started.
What wouldn't work:
- Firefox >_>
- Popular Flash Game Sites
Still websites at which one could buy malicious things because they didn't bother to save that. Some people even managed to get folder regarding firearms delivered to school. I did not do these things.
Anyway, as I mentioned Firefox could not run because of the application so I had to find a hack making the app inert. The app used a sort of dual watchdog, two applications watching whether or not the other one was running and if not restarting it. It was possible to freeze/kill them simultaneously but this would not always work. At some point I however found a far more elegant hack, start notepad (really, this is insane) and the app completely stops working. Firefox would start and keep running and all the previously blocked sites were accessible again.
When I was in middle school (I don't know how common this is, but "middle school" was grades 6-8), I remember the school used a (very poorly written) security suite called "fool proof". I won't pretend that I was entirely innocent during my middle/high-school careers, or that the typical adolescent behavior of my peers (described a few times in this thread, whereby other students regard a tech-savvy student as a "hacker" or just generally doing something mysteriously malicious) were always unwarranted or even unwelcome. That being said, I discovered several things about "fool proof" during middle school:
- Program execution was restricted by the filename of the executable. Thus, if the school banned "Quake.exe", students could still enjoy their game by renaming it to "Explorer.exe".
- The security suite prohibited access to the control panel, and thus "Add/Remove Programs", but the uninstallation program, itself, did not do any checking (didn't even ask for a password) to allow removal of the software. I found this out because,
- The software implemented security as a windows service, which is not started when windows boots into safe mode. In doing this, the application happily uninstalled itself. The administration wasn't terribly surprised that the computer had been tampered with, but the fact that the software was so cleanly removed left them scratching their heads.
Maybe idle hands are the devil's playthings, or maybe the "disable right-clicking" feature became too irritating, but sure enough, I discovered several ways around the security suite, again:
- Starting with a blank floppy disk, the (limited) access to a command prompt still allowed the user to create a DOS bootdisk, and the computers were still configured to check the floppy drive for a bootable disk. In DOS, I discovered an INI file on the root of the C drive, which contained a setting that determined whether or not the security software should be enabled or not upon start up!
- Although the software disabled the Ctrl-Alt-Delete task manager of windows 98, it was still trivial to write an application to list the processes, and have it end the security's own program.
- I realized that, for the AP preparation, my teacher would disable security temporarily for a student to install a specific set of libraries, and later he would re-enable the security. I noticed that both disabling and enabling security involved typing a password. During the next semester, when I was situated at a different computer, I asked my teacher to disable security so that I may install the AP libraries. While the security was disabled, an idea occurred to me: I could write a keylogger. I managed to write and test a quick keylogger in that class session, which would save keypresses to my student space. After that day, I simply had the administrator password to modify security as I pleased.
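An added example, not part of the original post: the filename-keyed execution rule described in the post, set beside a check keyed on file content (a SHA-256 allowlist, a technique chosen here for comparison and not something the post's software did). The byte strings, the approved `Notepad.exe` stand-in and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for executables; no real binaries are involved.
APPROVED_CONTENT = b"constructed bytes standing in for an approved program"
BANNED_CONTENT = b"constructed bytes standing in for the banned game"

BANNED_NAMES = {"quake.exe"}  # name-keyed rule, as described in the post
APPROVED_HASHES = {hashlib.sha256(APPROVED_CONTENT).hexdigest()}


def sha256_file(path: Path) -> str:
    """Hash the file contents in chunks so large files are handled."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def allowed_by_name(path: Path) -> bool:
    """Weak rule: only the filename is consulted."""
    return path.name.lower() not in BANNED_NAMES


def allowed_by_hash(path: Path) -> bool:
    """Stronger rule: the decision follows the bytes, not the name."""
    return sha256_file(path) in APPROVED_HASHES


def evaluate() -> dict:
    """Build three sample files and report both rules' verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "banned_original": (root / "Quake.exe", BANNED_CONTENT),
            "banned_renamed": (root / "Explorer.exe", BANNED_CONTENT),
            "approved": (root / "Notepad.exe", APPROVED_CONTENT),
        }
        verdicts = {}
        for label, (path, content) in samples.items():
            path.write_bytes(content)
            verdicts[label] = (allowed_by_name(path), allowed_by_hash(path))
        return verdicts


if __name__ == "__main__":
    for label, (by_name, by_hash) in evaluate().items():
        print(f"{label:16} name-rule={by_name!s:5} hash-rule={by_hash}")
```
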