Tweet
In some versions of Windows, I have noticed that not all the shortcut-keys are disabled. Specifically when in the NT network logon window, if you press ctrl+esc you are given an old task manager. Then, you can select to start explorer.com, which will load a desktop environment. I have noticed that this environment gives you system-level access, as the user from which the explorer.com process was spawned was system (because of the login.) From here, I was able to modify the settings so that I had my own local administrator account, and cause the logon to be local, instead of a network logon. It still obtained and IP address and I was still on the network, except with completely free reign. The proxy that would normally deny me access to some pages (such as insecure.org and packetstormsecurity), was bypassed. From here, a malicious hacker could have caused all sorts of havoc due to the complete lack of restrictions. Is this ctrl+esc a feature, or a bug? If you ask me, this is a pretty dangerous problem.
-
There once was a Windows box with no firewall. Keyword is, there once was.
-
It sounds like an old, unpatched version of Windows NT. I think it is the fault of the administrator if he fails to keep the system up-to-date.
It may be a "feature" for you, but it could be dangerous to exploit (depending on the environment). -
Hm, time to be a good little whitehat and email the admin. =)There once was a Windows box with no firewall. Keyword is, there once was.
Comment
-
I wouldn't necessarily say that...
Comment
-
Here's to hoping you know the admin. It's been my experience that sometimes you will be persecuted more for finding out then not telling at all. Could be just my school however, seeing as our IT staff aren't the sharpest pencils in the box and look at anything they don't know as bad..Originally posted by Hextic
Anonymous email is always nice.- Programmer -Comment
-
I know the admon from the time I demonstrated the dangers of having the DeepFreeze image automatically downloaded by making all the computers in the school's screensaver a slideshow of screenshots of how I did it. And the time that I buffer overflowed Apache and upgraded it for him...Originally posted by d3ad1ysp0rkThere once was a Windows box with no firewall. Keyword is, there once was.
Comment
-
Where in New York are you from Hextic?Comment
-
I am in western Long Island, you? (Due to privacy concerns, I will not give out my exact location, just that I am somewhere in western Long Island.)Originally posted by mikedc1760There once was a Windows box with no firewall. Keyword is, there once was.
Comment
-
Don't worry; we'll find you if we need you.Originally posted by Hextic
Note to mikedc1760: In case you wanted to keep private conversations private, Hextic responds to Private Messages. In case you don't, I don't wish to see private conversations. And yes, I do realize the hypocrisy of this response.
Comment
-
No, Long Island is a fine answer. I wasn't really looking for anything more. I was just curious because I never saw anyone from New York here. I'm from Brooklyn.Comment
Comment