Martin Zugec blog : Security

Elevator - command line

martin — Mon, 19 May 2008 15:15:39 GMT

If you tried elevator, you probably know that it is running thought context menu:

It is assigned only to exe files (if it is needed, I can extend it)... But sometimes you may want to change shortcut to always run specific action using elevator.

In fact it is pretty easy - just run ElevatorRunner.exe with filename and parameters and you are all set :)

First parameter is executable you want to run and then any command line arguments you want to include.

For example if you want to elevate MMC.exe, simply runs ElevatorRunner MMC.exe and thats it.

To also show example with command line parameters, this is command line I use to run Joost:
C:\Data\SkipUAC\ElevatorRunner.exe "C:\Program Files (x86)\Joost\xulrunner\tvprunner.exe" "C:\Program Files (x86)\Joost\application.ini"

In following screenshot you can see few examples:

It is also pretty easy to modify shortcuts to use Elevator:

Martin

Leet haxor?

martin — Fri, 22 Feb 2008 19:36:00 GMT

Few days ago I posted small blog entry about using keyboard for navigating on Google - it is in fact quite old, I tried it few months ago, but few days ago I started to really use it and I found it quite usefull, so I wanted to share...

Today I received new comment (well, it was not published automatically and I received mail that there appears to be some spam in comments).

I read that comment - and that again and again, just to be sure that I am not missing something:

"u suck at hacking, i am able to control live webcmas using google, and also change wats on while tv is on, dont beleive me, than screw u, if this was supposed to be a hack, u suck, leave my hacking territory, because when u mess with the best, u will die like the rest!"

I am still not sure if I should smile or cry (well, or be scared that he could change my TV through Google :D)

Well, to make this post at least little bit useful: nice trick regarding that Google keyboard shortcuts is that if you are on last entry and you press J (go to next result), it will automatically go to next page (and that is maybe most useful function of that nice Google feature that you can read few pages of results pretty quickly)

How to view restricted web pages

martin — Mon, 10 Dec 2007 19:42:00 GMT

Well, it happens sometimes that certain web pages are blocked even if they are not dangerous at all and contains tools you really must have to fix something... For example it is quite hard to get some *nix tools like netcat usually :(

There are few techniques how to access such restricted pages - because I am not accessing these pages regularly, but it sometimes happens, I added "Access restricted" search provider to my IE7...

How to do it?

Go to http://www.microsoft.com/windows/ie/searchguide/en-en/default.mspx#
Paste URL http://www.google.com/translate?langpair=es|en&u=TEST
Name it as you want (mine is Access restricted)
Click on Install

In search providers, new provider appears that you can use to access restricted sites.

P.S.: I know about anonymous proxies, however they are usually also blocked ;)

Good bye, "Click to activate" ActiveX

martin — Tue, 13 Nov 2007 22:39:00 GMT

Hooooray, great news :)

Maybe you remember when Microsoft lost his case with Eolas, we were force to click on every #$%#@ ActiveX component on every web page - I don't want to blame Microsoft for this, I don't want to blame Eolas and definitely I don't want to blame lawyers (because I got one at home ;))...

But soon we will finally forget those dark times - Microsoft licensed that "technology" from Eolas - so soon we will get back our wonderfull old-style ActiveX processing :)

To be more specific - December 2007 will be avaible patch preview and patch itself should be delivered at end of April 2008...

Want more details? Follow http://blogs.msdn.com/ie/archive/2007/11/08/ie-automatic-component-activation-changes-to-ie-activex-update.aspx.

Hacking SAM database on offline Windows

martin — Wed, 23 May 2007 21:14:00 GMT

Today I had presentation for my colleagues - they had to prepare few vmware machines for me to test some functionalities...

However there was old local administrator password on these boxes - the one that no one was able to remember...

So I tried to use one of my "oldies goldies" tools called Offline NT Password & Registry Editor. This utility (or should I say Linux distro? ;)) is using known security issues of windows with local SAM file (hope so it is fixed once and for all in Windows Vista).

You can download it here: http://home.eunet.no/pnordahl/ntpasswd/

You download CD image (you can burn it or mount it to virtual CD drive), boot from it, hit enter few times (default configuration) and voila - you local administrator password is empty - and you were able to do it in few minutes....

I know that I shouldnt be happy about such security bug (specially if even SysKey is not able to protect you), however it helped me too many times... And hope so it will help you too :)

Security issue with PowerShell

martin — Thu, 25 Jan 2007 08:47:00 GMT

Hi guys,

after (too) long time I can finally return to Powershell (I spend few months creating batch framework to manage citrix servers, right now it is about 980 scripts).

I was playing with Get-Credential:

$Operator = get-credential

I provided my username/password. If I have a look at object, I can see Password property and GetPassword() method. I tried this, Output is in System.Security.SecureString.

I was just thinking how PowerShell is handling explicit authentication, so I had a look at available properties and methods - GetNetworkCredential grab my eye, so I tried it. And I was really surprised by output:

mzugec>$operator.GetNetworkCredential()

UserName                   Password                   Domain
--------                           --------                         ------
mzugec                       YouPwdInPlainText     MyDomain

Replace YouPwdInPlainText with your actual password! So be aware, if you are using get-credentials, it is very easy to retrieve your actual password!