iamtheky Posted June 2, 2016 Author Posted June 2, 2016 (edited) I am exploring the capabilities of the bash on windows and building POCs for circumventing user controls (like in the last build you could simply 'tail ntuser.dat' and hard crash the entire box). This file shows effective policies, so being able to do something like dump an array of executables that are in the disallowrun key is probably not desired for an admin. Articles currently espouse the benefits, I want to make sure our folk clearly understand the risks and additional attack vectors exposed. Edited June 2, 2016 by iamtheky Reveal hidden contents ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
iamtheky Posted June 2, 2016 Author Posted June 2, 2016 (edited) Figured it out. Not too terrible and fairly reliable in my testing, (though admittedly i dont know if all the various files im trying it on are of similar mixed formats). $hFile = fileopen("NTuserPOL_Copy.txt", 16) $sStr = fileread($hFile) fileclose($hFile) $count = 3 while 1 If stringmid($sStr , $count , 2) = "" then exitloop If stringmid($sStr , $count , 2) < "20" then $sStr = StringReplace($sStr , $count , " " , 1) EndIf $count += 2 wend FileWrite("testoutput.txt" , BinaryToString(StringStripWS($sStr , 8))) msgbox(0, '' , BinaryToString(fileread("testoutput.txt"))) Edited June 2, 2016 by iamtheky Reveal hidden contents ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now