
Posted (edited)

I am exploring the capabilities of Bash on Windows and building POCs for circumventing user controls (like in the last build you could simply 'tail ntuser.dat' and hard crash the entire box). This file shows effective policies, so being able to do something like dump an array of executables that are in the disallowrun key is probably not desired for an admin. Articles currently espouse the benefits; I want to make sure our folk clearly understand the risks and additional attack vectors exposed.

Edited by iamtheky

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Posted (edited)

Figured it out. Not too terrible and fairly reliable in my testing (though admittedly I don't know if all the various files I'm trying it on are of similar mixed formats).

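; Open the copied policy file in binary mode (16) and read the whole thing
$hFile = FileOpen("NTuserPOL_Copy.txt", 16)
$sStr = FileRead($hFile)
FileClose($hFile)

; The binary is handled as its hex text ("0x..."): start at position 3 to skip "0x"
; and step two hex digits (one byte) at a time
$count = 3
While 1
    If StringMid($sStr, $count, 2) = "" Then ExitLoop
    ; Blank out any byte below 0x20 (control characters, including 0x00 padding)
    If StringMid($sStr, $count, 2) < "20" Then
        $sStr = StringReplace($sStr, $count, "  ", 1)
    EndIf
    $count += 2
WEnd

; Strip the blanked bytes (flag 8 = all whitespace) and convert the remaining hex to text
FileWrite("testoutput.txt", BinaryToString(StringStripWS($sStr, 8)))
MsgBox(0, '', BinaryToString(FileRead("testoutput.txt")))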

 

Edited by iamtheky
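
Added example, not part of the original post and written in Python rather than AutoIt: it runs the byte-stripping approach from the post beside a structured parse, to show what stripping loses (type and size fields vanish, DWORD data turns into stray characters). It assumes the copied file is a registry policy file in the PReg format (signature, version, then `[key;value;type;size;data]` records in UTF-16LE), which the filename suggests; the sample bytes and the `ExampleDword` value are constructed.

```python
import struct

def strip_control_bytes(raw):
    """The post's heuristic: drop every byte below 0x20, keep the rest as text."""
    return bytes(b for b in raw if b >= 0x20).decode("latin-1")

def _wstr(raw, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = pos
    while raw[end:end + 2] != b"\x00\x00":
        if end >= len(raw):
            raise ValueError("unterminated string")
        end += 2
    return raw[pos:end].decode("utf-16-le"), end + 2

def _sep(raw, pos, ch):
    """Require the UTF-16LE delimiter ch at pos; return the offset after it."""
    if raw[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_preg(raw):
    """Return (key, value, type, data) for each [key;value;type;size;data] record."""
    if raw[:4] != b"PReg":
        raise ValueError("missing PReg signature")
    pos, out = 8, []  # skip 4-byte signature + 4-byte version
    while pos < len(raw):
        key, pos = _wstr(raw, _sep(raw, pos, "["))
        value, pos = _wstr(raw, _sep(raw, pos, ";"))
        rtype, = struct.unpack_from("<I", raw, _sep(raw, pos, ";"))
        pos += 6  # delimiter (2 bytes) + type DWORD (4 bytes)
        size, = struct.unpack_from("<I", raw, _sep(raw, pos, ";"))
        pos = _sep(raw, pos + 6, ";")
        data, pos = raw[pos:pos + size], _sep(raw, pos + size, "]")
        if rtype == 1:                  # REG_SZ: UTF-16LE text
            data = data.decode("utf-16-le").rstrip("\x00")
        elif rtype == 4 and size == 4:  # REG_DWORD: little-endian integer
            data = struct.unpack("<I", data)[0]
        out.append((key, value, rtype, data))
    return out

# Constructed sample (not from a real machine); "ExampleDword" is hypothetical.
def _rec(key, value, rtype, data):
    w = lambda s: s.encode("utf-16-le")
    return (w("[" + key + "\0;" + value + "\0;") + struct.pack("<I", rtype) + w(";")
            + struct.pack("<I", len(data)) + w(";") + data + w("]"))

KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + _rec(KEY + "\\DisallowRun", "1", 1, "example.exe\0".encode("utf-16-le"))
          + _rec(KEY, "ExampleDword", 4, struct.pack("<I", 0x41)))
```

On the sample, `strip_control_bytes` ends with `ExampleDword;;;A]` (the DWORD 0x41 has become the letter A), while `parse_preg` returns it as the integer 65 with its type intact.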
