Potential Exe Exploit

Lil_AzZa
Posts: 7
Joined: Sun May 11, 2008 7:57 am

Potential Exe Exploit

Postby Lil_AzZa » Sun May 11, 2008 8:02 am

Ok, I have been thinking up potential workarounds so that I would be able to run exe's at my school. Here is the exploit I have thought up. I haven't actually coded the exploit yet but here is all the info.

I was planning on creating a program in VB (which our school allows us to compile etc. in). This program would copy the notepad.exe from the computer's system32 drive to My Documents and would paste the exe I wanted to run into system32 and rename it as notepad, so then when I run notepad it should theoretically run the exe I copied over, yes??? Would this work? BTW my school is using RM (Insert Some name here) 3

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: Potential Exe Exploit

Postby jd2kuk » Mon May 12, 2008 5:09 pm

This post belongs in the RM forum- I shall move it there...

As a matter of fact, you wouldn't need to do any of that- unless it is specifically disabled at your school, any exe can be run from the C drive or system32 folder. All you'd have to do in theory is make a program in VB which copies your exe file into either of the above folders, and you should be able to make a shortcut to it, and run it. ;)
To be fair, though, if you have permissions to access the command line, you can just use the copy command to do exactly the same...

And it's Community Connect 3 ;)

spoilsport
Posts: 53
Joined: Fri May 09, 2008 12:08 pm

Re: Potential Exe Exploit

Postby spoilsport » Mon May 12, 2008 11:22 pm

jd2kuk wrote: This post belongs in the RM forum- I shall move it there...

As a matter of fact, you wouldn't need to do any of that- unless it is specifically disabled at your school, any exe can be run from the C drive or system32 folder. All you'd have to do in theory is make a program in VB which copies your exe file into either of the above folders, and you should be able to make a shortcut to it, and run it. ;)
To be fair, though, if you have permissions to access the command line, you can just use the copy command to do exactly the same...

And it's Community Connect 3 ;)


Except, unless you're a system administrator or privileged user, you'll not have permission to do any of that.

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: Potential Exe Exploit

Postby muto » Tue May 13, 2008 7:30 am

If you can run your VB program, why do you need to move it to system32?

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: Potential Exe Exploit

Postby jd2kuk » Tue May 13, 2008 5:56 pm

The VB program was just a tool in the process- there was another exe he wanted to run.

Speaking of which, there's a much easier way to run exe's in your school- get a network admin or privileged user account, and just run your exe. If I remember rightly, default security policy is to not allow applications to be run from portable devices, but it might be different if you're using an admin/privileged user account, I'm not sure ;)

P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another

heebyjeebys
Posts: 1352
Joined: Thu Feb 28, 2008 10:24 pm

Re: Potential Exe Exploit

Postby heebyjeebys » Tue May 13, 2008 7:25 pm

There is an even easier way than that: bring your own laptop. Believe me, it's much better than using any school computer. My P3 laptop outperformed a Core 2 laptop yesterday :lol:

Lil_AzZa
Posts: 7
Joined: Sun May 11, 2008 7:57 am

Re: Potential Exe Exploit

Postby Lil_AzZa » Sun Jul 20, 2008 2:04 pm

jd2kuk wrote: P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another


So that could explain everyone's ability to run exes on certain machines in the school

heebyjeebys
Posts: 1352
Joined: Thu Feb 28, 2008 10:24 pm

Re: Potential Exe Exploit

Postby heebyjeebys » Sun Jul 20, 2008 2:13 pm

Pro Rat, I tried that on my own domain earlier today. Bloody hell, it's powerful!!!
You can embed it in a jpeg for instance, and it runs on the client (victim) and you can take control of the computer. It's amazing, you can even talk to them and open up IE with XXX pictures LOL great fun.
Heeby's here! :)

ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: Potential Exe Exploit

Postby ICT Tech » Tue Jul 29, 2008 10:51 pm

Lil_AzZa wrote:
jd2kuk wrote: P.S. Privileged user permissions are machine specific, so just because you have a privileged account on one machine, doesn't mean you will on another


So that could explain everyone's ability to run exes on certain machines in the school


Well, maybe not; privileged users are assigned individually to a machine.
I'll explain: your tech or an RM admin would have to come along into your school and,
1. Login to RMMC
2. Find the Machine
3. Open the Settings of the Machine
4. Go to the Privileged Users Section
5. Start typing in usernames

So, it would be quite noticeable :P
ICT Tech
Senior Community Admin

Lil_AzZa
Posts: 7
Joined: Sun May 11, 2008 7:57 am

Re: Potential Exe Exploit

Postby Lil_AzZa » Wed Jul 01, 2009 2:01 pm

I have finally discovered a working exploit, well, a new kid found it in days haha. He compresses the exe to a zip then uncompresses it to C:\Documents and Settings\Username\, then he can run it from the start menu. He also found a way to log off his user, or so we think. He opens Word, types stuff, then presses log off; this in turn asks him to save his work, he presses cancel and the little yellow man disappears but you're still logged in. Only problem is RM clients continue to run; to solve this we opened a process manager using our exe exploit and killed the RM programs. This I guess would be very trackable but seems to work.
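
Seen from the administrator's side, the behaviour in the last post (an exe unpacked into C:\Documents and Settings\Username\ and started from there) appears as a process whose image path lies under a user profile. The following is an added example, not part of the thread, that flags such launches in process-start records; the record format, user names and sample lines are constructed, and C:\Users is included as an assumption for later Windows versions.

```python
import csv
import io
import ntpath

# Profile roots ordinary users can write to. The first is the path named in
# the post; the second is an assumption covering later Windows versions.
PROFILE_ROOTS = (r"c:\documents and settings", r"c:\users")

# Constructed process-start records: time, user, image path.
SAMPLE_LOG = r"""
2009-07-01T13:40:02,pupil01,C:\WINDOWS\system32\notepad.exe
2009-07-01T13:41:10,pupil01,C:\Documents and Settings\pupil01\tool.exe
2009-07-01T13:42:55,pupil02,c:/documents and settings/pupil02/My Documents/../game.EXE
2009-07-01T13:43:30,pupil02,C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
2009-07-01T13:44:00,pupil03,C:\Documents and Settings\pupil03\notes.txt
2009-07-01T13:45:12,pupil03,C:\Documents and Settings\pupil03\..\..\WINDOWS\system32\calc.exe
""".strip()


def in_user_profile(image_path):
    """True if the path, once normalised, lies under a user profile root."""
    # normpath unifies slashes and resolves "..", so a path that merely
    # starts with a profile prefix but climbs out of it is not matched.
    norm = ntpath.normpath(image_path).lower()
    return any(norm.startswith(root + "\\") for root in PROFILE_ROOTS)


def flag_launches(log_text):
    """Return (time, user, normalised path) for each exe started from a profile."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:  # skip blank or malformed records
            continue
        when, user, image = row
        norm = ntpath.normpath(image)
        if norm.lower().endswith(".exe") and in_user_profile(norm):
            hits.append((when, user, norm))
    return hits


if __name__ == "__main__":
    for when, user, path in flag_launches(SAMPLE_LOG):
        print(f"{when} {user} started {path}")
```

On a managed network the same path rule is normally enforced rather than only reported, for example with a software restriction policy that disallows execution from profile directories.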

