lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BAY7-DAV103I9bjxpgg0000ec9d@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: Gates: 'You don't need perfect code' forgood security

Frank

More to the point, not many people have gone through the MS OPK (OEM
Pre-Install Kit) to see exactly how "modified" one can make a windows build.

There is also a shortcut for the default Program Files directory (if it was
changed in Install) I can't find it right now.

And using TweakUI from the Windows XP Resource kit, there are uite a few
unique customisations one can do too.
http://www.microsoft.com/mspress/books/sampchap/6232.asp (and its continuing
page)
is 1 example of the info it contains. like being able to modify the location
of all the users "special folders"
however they still appear as virtual links like  %USERPROFILE%\My documents
.
You can also hide drives from the gui, but I have never had to do that yet.

Lan Guy

----- Original Message ----- 
From: "Frank Knobbe" <frank@...bbe.us>
To: <Valdis.Kletnieks@...edu>
Cc: <nick@...us-l.demon.co.uk>; "Full Disclosure"
<full-disclosure@...ts.netsys.com>
Sent: Monday, November 03, 2003 6:50 AM
Subject: Re: [Full-Disclosure] Gates: 'You don't need perfect code' forgood
security

On Sun, 2003-11-02 at 21:09, Valdis.Kletnieks@...edu wrote:
> On Mon, 03 Nov 2003 12:23:06 +1300, Nick FitzGerald
<nick@...us-l.demon.co.uk>  said:
> > Finding the actual location of the startup folder was beyond the
> > exploit because it was running in an environment that could not query
> > the registry or other system APIs that would reveal the location.

Actually, I think it was beyond the knowledge of the exploit writer. :)

> And for bonus points, explain how you fix the scheme so the poor sysadmin
who
> has to run stuff at startup is able to find the folder, but an exploit
running
> with 'administrator' or 'system' can't find it?

Sure. %SYSTEMROOT%. %WINDIR%, or %USERPROFILE% should work just fine for
most cases of scripting and such.

Of course viruses and other malware can use the same environment vars. I
guess the writers of these annoyances didn't think that far.... lucky us
:)

Regards,
Frank

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ