Nytro Posted September 21, 2017

Breaking out of Restricted Windows Environment
ON JUNE 14, 2017 BY WEIRDGIRL

Many organizations these days use a restricted Windows environment to reduce the vulnerability surface. The more the system is hardened, the fewer functionalities are exposed. I recently ran across such a scenario, where an already hardened system was protected by McAfee Solidcore. Solidcore was preventing users from making any changes to the system, like installing/uninstalling software, running executables, launching applications, etc. The system (Windows 7) which I was testing boots right on to the application login screen while restricting access to other OS functionalities. I could not do anything with that system except for restarting it.

I spent a whole week gathering information about the application and the system, which included social engineering as well, and then I got an entry point to start with. The credentials to log in to the application (which gave me a headache for one week) were available on the Internet (thanks to a Google dork). The credential I got was an admin credential.

After logging in to the application there was no way to get out of the application and into the base system. The application was so well designed that there was not a single way to get out of it. Then I found an option in the application to print some document. I clicked on Print --> Printer settings --> Add a printer --> Location --> Browse location, and I got access to the file browser of the host machine. Every Windows file explorer has a Windows Help option which provides free help about Windows features. It was possible to open a command prompt from the Help option. I was only able to open a command prompt but not any other Windows application. Even after getting access to the command prompt I was unable to make any changes to the system (not even opening Notepad).

Every Windows application that I tried to open ended up with the following error message:

The error was very clear that the application is blocked and that it can be enabled either from the Registry Editor or the Group Policy Editor. However, I did not have access to either of them; Solidcore was blocking access to both. So I used the following batch script to enable Task Manager. The script was used to modify the registry key (though I didn't have any idea if it was actually blocked from the Registry Editor or the Group Policy Editor):

And to my surprise I was able to unlock Task Manager. Similarly, I was able to unlock and open Control Panel.

My main objective was to disable or uninstall Solidcore, as it was restricting the desktop environment. But then the system kept on giving me challenges. I was able to uninstall any software except for Solidcore. Then there was only one way left to disable Solidcore / enable installation of other software, and that was the "Group Policy Editor". However, I didn't have direct access to gpedit. I used the following way to get access to gpedit:

Open Task Manager --> File --> New task --> type MMC and press Enter. This opened Microsoft Management Policy.
In MMC: File --> Add/Remove snap-in --> select Group Policy Objects and click Add.

After this I was able to perform numerous actions, like enabling blocked system applications, allowing access to the desktop, disabling Windows restrictions, etc. However, my main objective was to disable Solidcore and find a way to run any Windows executable. The Group Policy Editor provides an option to run/block only allowed Windows software, and this policy can be set in the following way:

Group Policy Editor --> User Configuration > Administrative Templates > System. On the right side there's the option "Do not run specified Windows applications". Click on that: Edit --> select Enabled --> click on "Show" for the list of disallowed applications --> then add the name of the application that you want to block (in my case it was Solidcore). Then click "OK".

To apply the changes I restarted my system. In the same way it was possible to enable a list of allowed applications that can run in Windows (malicious software as well). And that's how I was able to break out of a completely restricted desktop environment.

Source: https://weirdgirlweb.wordpress.com/2017/06/14/first-blog-post/
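From the defender's side, the two policy locations this write-up leans on (the Task Manager restriction and the "Do not run specified Windows applications" list) can be audited for drift from the kiosk's intended baseline. This is an added example, not code from the forum post or the original blog; the baseline values and the agent binary name are constructed placeholders, and it reads the standard per-user policy keys under HKCU\...\Policies.

```powershell
# Added example (not from the original post): audit the per-user policy
# locations the write-up tampered with and report drift from a baseline.
# The baseline values and the agent binary name are constructed placeholders.
$SystemKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ExplorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Baseline = @{
    DisableTaskMgr    = 1                           # 1 = Task Manager stays blocked
    ProtectedBinaries = @('AGENT-PLACEHOLDER.exe')  # must never appear in DisallowRun
}

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-DisallowRunList {
    # "Do not run specified Windows applications" stores each entry as a
    # numbered string value under Policies\Explorer\DisallowRun
    $listKey = Join-Path $ExplorerKey 'DisallowRun'
    if (-not (Test-Path $listKey)) { return @() }
    (Get-ItemProperty -Path $listKey).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { $_.Value }
}

function Test-KioskPolicyDrift {
    $findings = @()
    # 1. Task Manager restriction removed or changed?
    $tm = Get-PolicyValue $SystemKey 'DisableTaskMgr'
    if ($tm -ne $Baseline.DisableTaskMgr) {
        $findings += "DisableTaskMgr is '$tm', expected $($Baseline.DisableTaskMgr)"
    }
    # 2. Endpoint-control agent pushed into the disallowed-applications list?
    if ((Get-PolicyValue $ExplorerKey 'DisallowRun') -eq 1) {
        $listed = Get-DisallowRunList
        foreach ($bin in $Baseline.ProtectedBinaries) {
            if ($listed -contains $bin) { $findings += "Protected binary '$bin' is in DisallowRun" }
        }
    }
    # 3. Allow-list mode ("Run only specified Windows applications") turned on?
    if ((Get-PolicyValue $ExplorerKey 'RestrictRun') -eq 1) {
        $findings += 'RestrictRun is enabled outside the baseline'
    }
    return $findings
}

$drift = Test-KioskPolicyDrift
if ($drift.Count -eq 0) { Write-Host 'No policy drift detected' }
else { $drift | ForEach-Object { Write-Warning $_ } }
```

Run it under the kiosk user's profile, since these are HKCU policies; machine-wide equivalents under HKLM would need a second pass with the same logic.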