Since this is a slow news day, and I have an essay to handout tonight, I’ll just related one of my experiment I started yesterday. As I have more time, I will push further into the system.
While waiting for a friend, I decided to stop by the library to pass time. As I was there, I was immediately attracted to the nearest computer, the one away from the cameras. Some of the computers are accessible to anyone without need for user codes and passwords. These computers are there only for book searches. About everything is disabled on those computers. The only thing people have access to is an Internet Explorer 6 window giving access to the library’s website only. The window only has the Edition, Favorites and Help (“?”) menus. No address bar but the history can be accessed. There are no taskbar, Ctrl-Alt-Del and Alt-Tab are disabled, no desktop, and the Windows key doesn’t do anything. Trying to navigate to another website by following links won’t resolve. I didn’t had my warkey with me so I couldn’t test if the USB drives were working.
For certain people, i.e. the administrators of the network amongst others, this should be sufficient to prevent people from surfing porn sites and fore bringing the apocalypse on their network. Of course, it is not. First, let’s find a way to access something else. This can be easily done by using a dark and unexplored menu available in every program called the “Help” menu: Help > Index and Summary. This will open the HTML Help window. From there: Options > Internet Options.
Well that was simple enough right? But it’s not quite what I want. Most of the options are disabled. I can’t use the Temporary Internet Files > Parameters > Show Files/Objects to open an Explorer window. Those are disabled as well:
- General > Accessibility > Format Documents with my Stylesheet > Browse
- Confidentiality > Import
- Contents > Personal Information > Profile > OK > Numerical Identificators > Import
But those are all enabled:
- Contents > Access Manager > Activate > General > Rating Systems > Add
- Contents > Access Manager > Activate > Advance > Import
- Contents > Certificates > Certificates > Import > Next > Browse
- Contents > Certificates > Editors > Import > Next > Browse
Those options all open an Open File dialog box, from which of course, I can access about everything. First action is to open a command prompt by going to C:\Windows\system\system32 and executing the command prompt program. Up to here, it works. Now we can start to spot vulnerabilities….if needed.
Damn…no time left. Next time I need to get some info about the system. I should remember to:
1) See what is the default account the administrator uses for the users:
2) : Get the version of Windows XP they are using:
3) While at it, let’s note the version of Explorer they are using and some information about the network…
I should bring my warkey also, that would make things much easier…
Sorry for the lack of depth for tonight, I know this isn’t much, hopefully this will end up in a fully example of a simple attack against a network.