topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday April 18, 2021, 10:08 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - PhilKC [ switch to compact view ]

Pages: prev1 2 [3] 4next
51
Right, that error means you don't have the latest .NET framework:

http://www.microsoft...5&DisplayLang=en

Oh, and your comment about the directories... it can add directories now :)

Two ways of adding a DIR:

DIR:C:\

Will add all files in C:\

DIRS:C:\

Will add all files in C:\ and all subdirectories (DO NOT ADD \WINDOWS\ TO THE LIST)

PhilKC

52
Aaaaand, done!

http://bluescreenofd...o.uk/Programs/Locker

Each line of the config file should contain a file to lock, click Re-Lock and you're done. It locks all files when it loads too, it doesn't need to be installed so you can run the exe and config file from anywhere. It's only 10KB big, and shouldn't have any problems loading huge files... Have fun :D

EDIT: Yay, it now supports directories, example:

DIR:C:\My music
C:\important file.txt

Would lock all files in C:\My music\ and C:\important file.txt

PhilKC

53
Well, a simple program which keeps the file 'open' would be the easy way. I'll chuck some code together :)

PhilKC

54
Post New Requests Here / Re: .EXE extention changer
« on: December 24, 2005, 03:11 PM »
Or just remove the .exe protection crap?

1) What you could do is rename the file before sending it. For instance, call it readme.txt, send it over and then tell the person on the other end to rename it back to whatever it used to be.

2) Method number one is somewhat tedious if you transfer files regularly. That's why wtbw made us a quick and easy patch that enables the blocked file types again by marking them "safe" after all. Download File Extension Unblocker, launch it and restart MSN Messenger completely. Now if you share File Extension Unblocker with your contacts, you'll hardly notice any obstruction when transferring files over MSN Messenger.

3) If you're using MSN Messenger 7.0.0777 (the final release), you can also use Mess Patch to enable the transfer of "potentially unsafe files" again. Download Mess Patch and in the Conversation Window Options, make sure you check the Remove File Transfer Blocked Extensions tweak. Of course, you can select all the additional Mess Patch tweaks of your choice.

4) Another method to transfer blocked files is to use the File Sharing application from the Activities pulldown menu in your conversation window [thanks to: BenB].

From: http://www.mess.be/m...transfers_again.html

PhilKC

55
Looks like something to eat CPU cycles while all it does is relay text...

* PhilKC sticks to his normal Windows messenger, 2MB of RAM usage :D

PhilKC

56
Well, I don't 'do' AutoHotKey, but, surely it allows you to check for directories?

C# code:

if ((Directory.Exists("D:\\data\\program files\\Autohotkey\\daily")) && (! File.Exists("D:\\data\\program files\\Autohotkey\\daily\\" + The_Date + ".txt")))
{
       Backup();
}

English code:

If the directory exists, but the file doesn't, backup...

Edit: IDEA! Put another file, "check.me" on the drive, and only run the backup if it finds that file AND not the other file...

PhilKC

57
Living Room / Re: google holiday images
« on: December 22, 2005, 09:47 AM »
here's todays, maybe yesterday's is up somewhere?

Click it! (Well, the one on http://google.com)

PhilKC

58
Living Room / Re: NSFW-Yahoo news really neads an editor
« on: December 21, 2005, 02:19 AM »
...

PhilKC

59
General Software Discussion / Re: Program Wanted
« on: December 19, 2005, 10:50 PM »
Kill the Windows Update process wu*a*, or something similar.

EDIT: wuauclt.exe

PhilKC

60
General Software Discussion / Re: Looking for a few beta testers
« on: December 15, 2005, 10:27 AM »
Good to hear :)

PhilKC

61
Post New Requests Here / Re: IDEA: explorer.exe auto-restarter
« on: December 15, 2005, 07:14 AM »
Phil, is that the TSKill that comes with XP.

Yesum...

PhilKC

62
Post New Requests Here / Re: IDEA: explorer.exe auto-restarter
« on: December 15, 2005, 07:10 AM »
TSKILL link:

http://bluescreenofdeath.co.uk/Programs/TSKILL.exe

<3 My new domain

Put it in system32 and it should be runnable from the command promt...

PhilKC

63
Post New Requests Here / Re: IDEA: explorer.exe auto-restarter
« on: December 08, 2005, 04:24 AM »
I'd like to add code to my AHK script to always restart explorer.exe maybe 20 seconds after it died or after I had to kill it. Windows should restart it automatically, but often does not  :(

What do you think? And what would be the best way to do this?

Well, XP? use

TSKILL Explorer

And windows will always restart it...

Other Windows based systems? Download TSKILL and use the above method :P

Edit: WTF, why is the : P smiley so messed up?

PhilKC

64
DCOM is rather needed, i wouldn't disable it...

Just disable the I-Pod Service?

PhilKC

65
Holy smokes batman, that's a lot of processes...

TSKILL * /ID:Carol /V

Try running that a few times, then try to shutdown and see how it goes... (This isn't a permanent solution, just 'debugging')

PhilKC

66
How about PrtScr'ing your TaskManager and Services.msc setup? :)

PhilKC

67
Errr, it is actually possible the full format went... Wrong (Bad copy of files, etc)... Take 2?

(Would a 'How to format and recover' acticle be of any interest to anyone here? *opens notepad*)

PhilKC

68
Official Announcements / Re: Some charts showing site statistics
« on: December 03, 2005, 06:09 AM »
The second and third one really shows the site is growing exponentially. :D

PhilKC

69
Finished Programs / Re: IDEA: auto key hitter
« on: December 02, 2005, 11:27 PM »
I'm playing a game and need to make potions.
i have to sit here and hit the f4 key once every 1 sec. (it's got a spell cool off time T.T)

if someone can write a program that automatically "hits" the f4 key every second, it would be GREAT help~

A lot of games will ban you if found using macro tools :P

Edit: WTF is up with that smiley? It's supposed to be : P (without the space)

PhilKC

70
General Software Discussion / Re: Reformat iPod without ipod updater?
« on: December 02, 2005, 11:03 PM »
Well, it is just a disc drive, so, you _COULD_ format it using window's build in formatter, but, if you wish to retain it's ability to play mp3s, that probably won't work. However, I have formatted mine with the for-metioned method, and then again with the Apple formatter, and, it worked for MP3s, so, there is little if any chance of doing permanent damage by trying the standard format option.

PhilKC

71
Damnit! I should have paid more attention in school, *goes off to learn German*

PhilKC

72
General Software Discussion / Re: Firewalls, What you need to know...
« on: December 02, 2005, 04:40 AM »
However, it's very important to realize that no matter how good your firewall is, if you actually launch an evil program on your computer, you have lost.

And with the increase in IM programs being used to transmit Virii through a trusted source (your friend), it's becoming very difficult to know what's evil...

one way to thwart this attack is to rename that key if its not used for anything important.. the basic attack though could easily use other ways to locate common browser installations.

As you said, "this" attack... If the source was closed, and this was in compacted c++, there would be no way to know the key... We (computer users) need a solution, and, in my eyes, it's the firewall makers whom are lagging behind

PhilKC

73
General Software Discussion / Re: Firewalls, What you need to know...
« on: December 02, 2005, 04:12 AM »
If you don't want the hassle of contacting MS there are plenty of security watchers out there with direct MS contacts that would probably do it for you.

I know of one or two people in Microsoft, but, the problem is, patches take months, years sometimes to come out, hence, i'm throwing it open to the community, maybe they can find a good fix...

PhilKC

74
General Software Discussion / Re: Firewalls, What you need to know...
« on: December 02, 2005, 04:02 AM »
Sygate Firewall Pro (yes the dead one which I have reinstalled after more bad experiences with ZoneAlarm) managed to pass this test provided there wasn't an Internet Explorer based browser window open at the time.

It pases the level 6 option? Impressive if so... As for talking to microsoft? "Oh, hello Mr Brick Wall, how are you today..."

PhilKC

75
General Software Discussion / Firewalls, What you need to know...
« on: December 02, 2005, 02:48 AM »
Right, first thing... Get a comfy chair, this is going to be a long post, it's also 6am, and I've been working all night, so, don't expect this to be perfect, I've probably left huge chunks out... BAH  :(...

First, a slight note, I've been asked by a lot of people why they need a firewall if they own a router with NAT. Well, this post, and the tool I supply with it, should explain it. But, as a quick explanation, NAT only prevents incoming connections, not outgoing. :)

Now, onto the main topic, firewalls...

I'm not going to be talking much about a firewalls ability to keep 'hackers' out (although the scare tactics used by some which count port scans as 'Attacks' do annoy me), rather, the ability (or lack) of the firewall to stop a program connecting to the Internet. Why is this so important? Well, every time you download an exe, the first thing it could do is to collect data about you (very easy) and then send it back to a server. That process would take less than a second normally, meaning you have no way to stop it unless you have a firewall...

So, let's extend on that and use it as an example;

0.You have downloaded a small application, thinking it was a game
1. Because it is relatively new/unknown, it is not picked up by your anti virus
2. It brings up a game to distract you
3. It checks the windows registry, browser logs, etc for data
4/5. It creates a connection to it's owners server
4/5. It sends the data

Starting at 0, there is little you can do, if it's advertised as a game, it looks innocent.
Then, moving onto 1 we see the first major myth: Most viruses are picked up by scanners. This is simply wrong, a scanner can only detect known threats and use basic heuristics meaning that if someone where to make a virus today, not one anti virus would detect it. It is essential that you keep your anti virus updated, and that you are using a service which is updated in the first place.
2. A simple tactic, while you watch/play, it delivers it's payload (3, 4 and 5)...
3. These checks won't be detected by any registry 'protection' software, as it does not write to the registry, only read. As mentioned, this step will take less than a second to complete if the code is optimised.
4. This is the first (and ONLY) chance your firewall gets to stop the application. If you do not have a firewall, or it fails to detect this stage it will go straight to 5, otherwise you will be prompted as to the action you want to take, this is the main function I will be talking about.
5. If a connection is made, then, in literally no time, the data is sent, and whatever information the attacker wanted, is theirs.

Now, at step 4, a lot of things happen, and there are a lot of ways those things can happen.

The overall idea of step 4 is to connect to, and send (as part of step 5) the requested information, the simplest way is for the application to try and connect directly and send the data directly too, but, of course, this is picked up by firewalls, and promptly rejected (Assuming the user does not think the program needs to access the internet (Which comes under 'rules' which I will discuss later)). However, there are several other ways for the program to get it's 'message' sent. It could launch your favorite browser, and send the data like that (Again, that will be covered in rules), or, it could launch any application on your computer and use that to send the data, all of this can be done silently too.

Now, rules, they are designed to make your life easier, but, I personally despise them. For example, you allow Firefox.exe access to the internet so it doesn't bug you every time you browse to a page. Well, what if the attacker programmed the application to run Firefox to send the data back? Then, you have a problem, one that, as far as I am aware, is not solvable... You could ask your firewall to ask every time Firefox connects to anyhere, for EVERY connection, but, no one has that much patients. How about allowing Firefox only until you close the browser? That's fine unless you have Firefox open when you run the application, which if you had just downloaded it, you probably would have.

So, you see, ONE rule, for ONE application, especially a browser, is a huge security risk.

I have made a small application, using the Microsoft .NET 2 Framework ( http://www.microsoft...5&DisplayLang=en ) which is designed to test what I call 'Water Bombing', the act of making your firewall, useless to an extent by using multiple methods. It's worth noting that this application is only 113 lines of code, and it does not affect your system in ANY way... If this were a real 'phone home' device, it would have functions to kill firewalls/anti viruses etc... It will attempt to connect a page on my server using normal methods for tests 1 and 2, but 3, 4 and 5 use browsers, to show the potential problem. Finally, 6, the 'Water Bomb' attack uses a combination of all the above techniques to try to connect. If your firewall fails just one of those tests, you need to think seriously about the implications...

http://tanyvska.co.uk/Water%20Bomb (You only need the exe, the txt is the file the program tries to get to (check the source))

Please do post your results of the application, and the firewall you use.

On a side note, the XP SP2 firewall, yay or nay? NAY... Here is a simple code snippet in C++ which would render the XP firewall useless (but NOT disable it, so, no warning messages)

for(int i=1; i<65536; i++) {
system("netsh firewall add portopening ALL " + i + " Windows");
}

There, 3 lines of code, and your beloved XP SP2 firewall is rendered _totally_ useless...

Back on to 'Water Bombing', I asked mouser to test this program first, and, using traditional methods, it would have failed on 3, 4 and 5... However, mouser is a clever little devil, and used his BrowserTraySwitch application to defeat it from loading a real browser and I assume he had otherwise disabled IE. However, when the 'Water Bomb' test was run, it managed to get through, in his own words:
"first firewall leak test to beat me in fact"
This is not an issue to be taken lightly, the attacker does not need to know a huge ammount of a language to make an application that uses these techniques.

As for a solution to 'Water Bombing', well, I don't see one... But, rest assured, the first firewall to protect a user against these tactics without huge amounts of configuration/hassle will be getting a nice little review. ;)

Relying on a firewall is dangerous, I hope this has made people see that.

Whew! All done, Thank you for your time, I hope I've given you something to think about, and, who knows, if mouser doesn't mind me spamming his forum ever week or so, I might do something like this every now and then. :)

Oh, and here is the source to the 'Water Bomb' testing program...

#include "stdafx.h"

using namespace System;
using namespace System::Diagnostics;
using namespace System::Net::Sockets;

int main(array<System::String ^> ^args)
{
Console::Title = "Water Bomb [1.00] by PhilKC";
String^ mainMenu = "Water Bomb firewall tester, created by PhilKC [1.00]\n\nModes of operation:\n\n0: Info\n1: Try to access the internet directly using a TCPClient\n2: Try to access the internet directly using a WebClient\n3: Try to access the internet via the default browser\n4: Try to access the internet via IE\n5: Try to access the internet via IE being launched via CMD\n6: 'Water Bomb' test (Methods 1, 2 and a special browser call)\n\nA malicious program trying to 'Phone home'\nwould probably be best replicated using 6\n\nPlease select your choice: ";
String^ checkURL = "http://tanyvska.co.uk/Water%20Bomb/Data.txt";
Start:
Console::Clear();
Console::Write(mainMenu);
String^ method = Console::ReadLine();
if (method == "0") {
Console::Clear();
Console::WriteLine("This application is designed to dispel myths that firewalls or routers\ngive 'enough' protection...\n\nIf this application can produce the word 'FAILED', just once,\nthen it consider this:\n\nNO information is sent from your PC (only requests for pages on my server),\nhowever, the data that is sent (As part of the requests), could have\nbeen passwords, credit cards, anything...\n\nIf you do find a firewall which protects you against the level 6 'Water Bomb'\nplease E-mail me: [email protected] as I'm always interested\nto know which firewalls do the best...");
Console::WriteLine("\nPress Enter to continue");
Console::ReadLine();
goto Start;
}
else if (method == "1") {
String^ method1Text;
TcpClient^ Client = gcnew TcpClient();
try {
Client->Connect("tanyvska.co.uk", 80);
method1Text = "Data transmitted and recieved (FAILED)";
}
catch (SocketException^ Ex) {
method1Text = "No data retrevied (PASS) Full error:\n" + Ex->ToString();
}
Console::WriteLine("\n" + method1Text + "\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
} else if (method == "2") {
Net::WebClient^ method2 = gcnew Net::WebClient();
method2->Headers->Add("user-agent", "Water Bomb (Method 1)");
String^ method2Text;
try {
method2Text = Text::Encoding::ASCII->GetString(method2->DownloadData(checkURL));
}
catch (Net::WebException^ Ex) {
method2Text = "No data retrevied (PASS) Full error:\n" + Ex->ToString();
}
Console::WriteLine("\n" + method2Text + "\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
} else if (method == "3") {
Process^ method3 = gcnew Process();
method3->StartInfo->FileName = checkURL;
Console::WriteLine("\nNow launching...");
method3->Start();
Console::WriteLine("\nIf a browser did not open with \"Data transmitted and recieved (FAILED)\" then consider it a PASS\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
} else if (method == "4") {
Process^ method4 = gcnew Process();
Microsoft::Win32::RegistryKey^ rk = Microsoft::Win32::Registry::LocalMachine->OpenSubKey("SOFTWARE\\Clients\\StartMenuInternet\\iexplore.exe\\shell\\open\\command");
method4->StartInfo->FileName = rk->GetValue("")->ToString();
method4->StartInfo->Arguments = checkURL;
method4->Start();
Console::WriteLine("\nIf a browser did not open with \"Data transmitted and recieved (FAILED)\" then consider it a PASS\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
} else if (method == "5") {
Process^ method5 = gcnew Process();
method5->StartInfo->FileName = "CMD";
method5->StartInfo->Arguments = "/c \"\"%ProgramFiles%\\Internet Explorer\\iexplore.exe\" http://tanyvska.co.uk/Water Bomb/Data.txt\"";
method5->Start();
Console::WriteLine("\nIf a browser did not open with \"Data transmitted and recieved (FAILED)\" then consider it a PASS\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
} else if (method == "6") {
TcpClient^ Client = gcnew TcpClient();
try {
Client->Connect("tanyvska.co.uk", 80);
Console::WriteLine("\nMethod 0: Data transmitted and recieved (FAILED)\n");
}
catch (SocketException^ Ex) {
Console::WriteLine("\nMethod 0: No data retrevied (PASS) Full error:\n" + Ex->ToString() + "\n");
}
Net::WebClient^ method61 = gcnew Net::WebClient();
method61->Headers->Add("user-agent", "Water Bomb (Method 1)");
try {
Console::WriteLine("Method 1: " + Text::Encoding::ASCII->GetString(method61->DownloadData(checkURL)) + "\n");
}
catch (Net::WebException^ Ex) {
Console::WriteLine("Method 1: No data retrevied (PASS) Full error:\n" + Ex->ToString() + "\n");
}
Microsoft::Win32::RegistryKey^ rk = Microsoft::Win32::Registry::LocalMachine->OpenSubKey("SOFTWARE\\Clients\\StartMenuInternet");
System::Collections::ArrayList keyList = gcnew System::Collections::ArrayList;
for each(String^ subkey in rk->GetSubKeyNames()) {
keyList.Add(subkey);
}
for(int i=0; i<keyList.Count; i++) {
rk = Microsoft::Win32::Registry::LocalMachine->OpenSubKey("SOFTWARE\\Clients\\StartMenuInternet\\" + keyList[i] + "\\shell\\open\\command");
Process^ method5 = gcnew Process();
method5->StartInfo->FileName = rk->GetValue("")->ToString();
method5->StartInfo->Arguments = checkURL;
method5->Start();
}
Console::WriteLine("If browsers did not open with \"Data transmitted and recieved (FAILED)\" then consider it a PASS\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
}
else {
Console::WriteLine("\nInvalid selection" + "\n\nPress Enter to continue");
Console::ReadLine();
goto Start;
}
    return 0;
}

PhilKC

Pages: prev1 2 [3] 4next