
Old trick - always works?

A cloud Internet Explorer 9 emulator in a Google Chrome browser window.

Foreword


This story began when I was looking for an IE7/8/9 emulator to test one of the web projects: I needed to check how IE9 responds to the SSL certificate.
I checked the website and everything was fine, and after that I asked myself the question: what will happen if...? And yes, I have nothing to do with the company above.

Tighten the nuts, Uncle Stepa


I am not a programmer at all; however, as an admin I was impressed and really appreciated that the guys from this company went to so much trouble and created a whole infrastructure based on VMware technology. Indeed: optimized, automatic creation of temporary virtual machines with a pre-configured OS and software, and all of this quickly, in the browser.
In my youth, my friends and I sometimes spent time in computer clubs. It is a classic story: out of boredom, we looked for ways to make life easier for ourselves and, for example, to install some game behind the back of the admin (the person who accepted your money in exchange for playing time). Then one day I found a way to bypass the shell of the software that blocked access to everything except games. This was also the era of Windows 98 / Me in Russia.

Any program has a help file, and in the computer clubs of the time there was a practice of putting pirated movies on the network.
So WMP and VLC were on the list of available software. The trick was that, after invoking help, you could enter any URL you liked inside it, for example C:\

Then everything happened very quickly and simply: access to local drives, temporarily removing the protection (with software from Astalavista, it seems), and a lot of pleasant things in the form of installing any software and games, and generally running wild. I do not know why the club admin gave admin rights to an ordinary user, and it doesn't matter anymore. It was fun ;)

The same emulator - a new look

Of course, a lot of water has flowed under the bridge since then, but, as is traditional, Microsoft improved the help and brought it almost to the ideal. Starting with MS Windows 7, you get intelligent help: for example, when you search for the control panel, you can open the “Control Panel” directly from a link in the help. In some cases, even the local policy and tweaks that hide drives and personal folders from the user, prohibit the opening of certain system programs, etc., do not work...

By default, the help in IE was disabled, but in the “Downloads” section, after I clicked “Browse”, the coveted “?” icon appeared. After opening the required section, I already had access to almost the entire system within the account of a regular “user without rights”, even to the Windows Registry.

But there should only be a browser...

Findings


There is never too much security: I tightened the GPO, applied tweaks, removed rights from users, limited everything to the maximum, but in this case you just need to disable the ability to use help (cut out the applet, or block the launch of help with tweaks).

Of course, by and large, there is little confusion from all these actions - this is a temporary virtual machine created from scratch, which will die in 15 minutes.
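
One way to verify that help really is blocked for the restricted account, as an added example that is not part of the original post. It assumes AppLocker is the control used; the launcher list and the `$KioskUser` value are assumptions to adjust for your image.

```powershell
# Added example: read-only audit of the effective AppLocker policy against
# the Windows help launchers. It changes nothing on the machine.
# Assumptions (not from the post): AppLocker is the control in use, the
# launcher list below, and the account or group name in $KioskUser.
param(
    [string]$KioskUser = 'Everyone'   # placeholder: the kiosk account or group
)

Import-Module AppLocker -ErrorAction Stop

# Standard Windows help front ends; keep only those present on this image.
$helpLaunchers = @(
    (Join-Path $env:WINDIR 'HelpPane.exe'),   # Windows Help and Support
    (Join-Path $env:WINDIR 'hh.exe'),         # HTML Help (.chm) viewer
    (Join-Path $env:WINDIR 'winhlp32.exe')    # legacy WinHelp stub
) | Where-Object { Test-Path -LiteralPath $_ }

if (-not $helpLaunchers) {
    Write-Output 'No help launchers found on this image; nothing to audit.'
    return
}

# Ask AppLocker what it would decide for each binary if $KioskUser ran it.
$decisions = Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $helpLaunchers -User $KioskUser

$open = @()
foreach ($d in $decisions) {
    # Anything that is not an explicit or default deny counts as launchable.
    $blocked = @('Denied', 'DeniedByDefault') -contains [string]$d.PolicyDecision
    if (-not $blocked) { $open += $d.FilePath }
    '{0,-8} {1}  (rule: {2})' -f $(if ($blocked) { 'BLOCKED' } else { 'OPEN' }),
        $d.FilePath, $d.MatchingRule
}

if ($open.Count -gt 0) {
    Write-Warning "Help can still be launched by ${KioskUser}: $($open -join ', ')"
}
```

A BLOCKED line only reflects the rules; enforcement also requires the Application Identity service to be running and the executable rule collection to be in enforce mode rather than audit-only.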

PS I notified the company providing this service that there was a vulnerability, but my Facebook post was removed (there was a screenshot asking to be contacted to provide information).

PPS If you find spelling errors, please send me a PM

Source: https://habr.com/ru/post/231849/

