Gl.ib.ly - Security http://gl.ib.ly/ (glibly); Just another techie blog. en Serendipity 1.3.1 - http://www.s9y.org/ Sat, 07 Feb 2009 00:11:20 GMT http://gl.ib.ly/templates/default/img/s9y_banner_small.png RSS: Gl.ib.ly - Security - (glibly); Just another techie blog. http://gl.ib.ly/ 100 21 The command prompt has been disabled by your administrator? http://gl.ib.ly/archives/22-The-command-prompt-has-been-disabled-by-your-administrator.html One liners Security http://gl.ib.ly/archives/22-The-command-prompt-has-been-disabled-by-your-administrator.html#comments http://gl.ib.ly/wfwcomment.php?cid=22 2 http://gl.ib.ly/rss.php?version=2.0&type=comments&cid=22 nospam@example.com (Tariq) I came across an old enough post on Didier's blog about <a href="http://gl.ib.ly/exit.php?url_id=46&amp;entry_id=22" title="http://blog.didierstevens.com/2007/11/28/quickpost-disableamd-disableregistryfools/trackback/" onmouseover="window.status='http://blog.didierstevens.com/2007/11/28/quickpost-disableamd-disableregistryfools/trackback/';return true;" onmouseout="window.status='';return true;">Group policies that have disabled cmd.exe from running</a>. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the <i>DisableCMD</i> string in cmd.exe and change it to <i>DisableAMD</i> using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line. <br /><a href="http://gl.ib.ly/archives/22-The-command-prompt-has-been-disabled-by-your-administrator.html#extended">Continue reading "The command prompt has been disabled by your administrator?"</a> Thu, 05 Feb 2009 08:10:00 -0700 http://gl.ib.ly/archives/22-guid.html cmd.exe gpo one liners patch security sfk swiss file knife windows xxd Adding a malicious system call to the Linux kernel http://gl.ib.ly/archives/2-Adding-a-malicious-system-call-to-the-Linux-kernel.html Security http://gl.ib.ly/archives/2-Adding-a-malicious-system-call-to-the-Linux-kernel.html#comments http://gl.ib.ly/wfwcomment.php?cid=2 2 http://gl.ib.ly/rss.php?version=2.0&type=comments&cid=2 nospam@example.com (Tariq) Today I am adding a malicious system call to the Linux kernel which will allow the caller to do something they cannot normally do in user mode. When attacking a Linux box our goal is usually to become root; as root we can do anything we like, so the system call I will add to the Linux kernel gives the caller real and effective user ids of zero.<br /> <br /> There are relatively few tutorials out there on how to do this, unfortunately there a little differences between versions of Linux that can easily stump beginners, so this tutorial tries to give you an environment which you can easily replicate using a virtual machine and go through the tutorial.<br /> <br /> <br /><a href="http://gl.ib.ly/archives/2-Adding-a-malicious-system-call-to-the-Linux-kernel.html#extended">Continue reading "Adding a malicious system call to the Linux kernel"</a> Thu, 11 Dec 2008 08:21:00 -0700 http://gl.ib.ly/archives/2-guid.html computer security kernel linux mssf opensuse rootkit security system call virtual pc