Xatrix Security

[Lil_AzZa]

Ok i have been thinking up potential work arounds so that I would be able to run exe's at my school. Here is the exploit i have thought up. I haven't actually coded the exploit yet but here is all the infor.

I was planning on creating a program in VB (Which our school allows to complie etc in) this program would copy the notepad.exe from teh computers system32 drive to my documents and would paste the exe i wanted to run into system32 and rename it as notepad so thn when I run notepad it should theoretically run the exe i copied over yes??? Would this work? BTW my school is using RM (Insert Some name here) 3

[jd2kuk]

This post belongs in the RM forum- I shall move it there...

As a matter of fact, you wouldn't need to do any of that- unless it is specifically disabled at your school, any exe can be ran from the C drive or system32 folder. All you'd have to do in theory is make a program in VB which copies your exe file into either above folders, and you should be able to make a shortcut to it, and run it.
To be fair, though, if you have permissions to access the command line, you can just use the copy command to do exactly the same...

And it's Community Connect 3

[spoilsport]

This post belongs in the RM forum- I shall move it there...

As a matter of fact, you wouldn't need to do any of that- unless it is specifically disabled at your school, any exe can be ran from the C drive or system32 folder. All you'd have to do in theory is make a program in VB which copies your exe file into either above folders, and you should be able to make a shortcut to it, and run it.
To be fair, though, if you have permissions to access the command line, you can just use the copy command to do exactly the same...

And it's Community Connect 3

Except, unless you're a system administrator or privileged user, you'll not have permission to do any of that.

[muto]

If you can run your VB program, why do you need to move it to system32?

[jd2kuk]

The VB program was just a tool in the process- there was another exe he wanted to run.

Speaking of which, there's a much easier way to run exe's in your school- get a network admin or privileged user account, and just run your exe. If I remember rightly, default security policy is to not allow applications to be ran from portable devices, but it might be different if you're using an admin/privileged user account, I'm not sure

P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another

[heebyjeebys]

there is an even easier way than that: Bring your own laptop, belive me, its much better than using any school computer. My P3 laptop outpreformed a core 2 laptop yesterday

[Lil_AzZa]

P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another

So that could explain everyones ability to run exes on certain machines in the school

[heebyjeebys]

pro rat, i tried that on my own domain earlier today. Bloody hell its powerful!!!
You can emebed it it in a jpeg for instance, and it runs on the client (victim) and you can take control of the computer. its amazing, you can even talk to them and open up IE with XXX pictures LOL great fun.

[ICT Tech]

P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another

So that could explain everyones ability to run exes on certain machines in the school

Well maybe not, privileged users are assigned individually to a machine.
I'll explain, Your Tech or an RM Admin would have to come along into your school and,
1. Login to RMMC
2. Find the Machine
3. Open the Settings of the Machine
4. Go to the Privileged Users Section
5. Start typing in usernames

So, it would be quite noticable

[Lil_AzZa]

I have finally discovered a working exploit, well a new kid found it in days haha, he compresses the exe to a zip then uncompresses it to C:\Documents and Settings\Username\ then he can run it from start menu. He also found a way to log off his user, or so we think. He opens word types stuff then presses log off, this in turn asks him to save his work he presses cancel adn the little yellow man dissappears but your still logged in, only problem is RM clients continue to run, to solve this we opened a process manager using our exe exploit and killed the RM programs. This I guess would be very trackable but seems to work.