Jump to content
prosoft

Batch command competition

By prosoft, in Challenges (CTF)

Recommended Posts

prosoft Newbie

prosoft

Posted
Posted

You must find a batch command to disable in windows xp sp2 the DEP (Data Execution Prevention) service.The command must be executed from Start>Run>cmd or from a batch file (.bat) like other command (eg: netsh firewall show config, netstat ..)

prosoft Newbie

prosoft

Posted
  • Author
Posted (edited)

Must say that we have a possible winner nosph3rat...please demonstrate that you can do this from a batch file (.bat) without any keyboard pressing, with a normal execution of batch, and you will be graduate for this.

Edited by prosoft
cmiN Newbie

cmiN

Posted
Posted

The script have two options:

E - Enable Data Execution Prevention

D - Disable Data Execution Prevention

And the Batch http://pastebin.com/f42125692

@echo off
:: 29.08.2009 <> 29.08.2009 | cmiN
:: Challenge [Batch] Bcc DEP [prosoft] @ rstcenter.com


:main

cd %systemroot%
cd ..
echo E - Enable Data Execution Prevention
echo D - Disable Data Execution Prevention
set /p answer=
if "%answer%"=="E" (
    set status=noexecute
    goto replace     
)
if "%answer%"=="D" (
    set status=execute
    goto replace
)
echo Invalid option!
pause >nul
exit


:replace

type nul>boot.tmp
for /f "tokens=1,2* delims==" %%a in (boot.ini) do (
    if "%%b"=="" (
        echo %%a>>boot.tmp
    ) else (
        for /f "tokens=1,2 delims=/" %%x in ("%%b") do (
            if "%%y"=="noexecute" (
                if "%%c"=="" (
                    echo %%a=%%x/%status%>>boot.tmp
                ) else (
                    echo %%a=%%x/%status%=%%c>>boot.tmp
                )
            ) else (
                if "%%y"=="execute" (
                    if "%%c"=="" (
                        echo %%a=%%x/%status%>>boot.tmp
                    ) else (
                        echo %%a=%%x/%status%=%%c>>boot.tmp
                    )
                ) else (
                    if "%%c"=="" (
                        echo %%a=%%b>>boot.tmp
                    ) else (
                        echo %%a=%%b=%%c>>boot.tmp
                    )
                )
            )
        )
    )
)
attrib -s -h -r boot.ini
del boot.ini /f /q
ren boot.tmp boot.ini
attrib +r +h +s boot.ini
echo Ready.
pause >nul
exit

If you want to do this without pressing a key delete from lines [10:23].

But I can't believe it's so easy in Python:


import os

os.chdir(os.getenv("systemroot")[:3])
os.system("attrib -s -h -r boot.ini")
with open("boot.ini", "r") as f:
    x = f.read().replace("noexecute", "execute")
    open("boot.ini", "w").write(x)
os.system("attrib +r +h +s boot.ini")

cmiN Newbie

cmiN

Posted
Posted

Put the code in a .bat text file and 100% will work from any path, I have xp sp3 and I don't think to be a major difference. I've tested manually!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...