
GPEdit ByPass

Hey Hey,

I have a question; could some expert answer it? Is this article right or false, and with an explanation?!

Thanks

----------------------------------------------------------
You can bypass GPEdit very easily.

You must search in taskmgr for Current User programs, like:
ypager.exe or iexplorer.exe

You must rename your file to ypager.exe or iexplorer.exe; after doing this, your program runs very easily.

If you write a trojan and you want to execute a binded file or other things, you must use the WinExec command. This command can execute all programs without any locks.
-----------------------------------------------------------
and
-----------------------------------------------------------
Some cafenets and other places can lock exe files in Windows by changing gpedit settings, so you can't run your executable files.

When you want to lock an exe file with gpedit, you need only the process name, without any path or address. (This is a gpedit bug.)

You can change your new files to ypager.exe, iexplorer.exe and other file names in the tasklist (current user).

When your file name is changed to ypager.exe or another of those names, your file can be run.
----------------------------------------------------------

But guys, I need a security explanation. Thanks.
Asked: tourajam
tourajam (Author) commented:
Is there no one to answer this question???
Keith Alabaster commented:
It's an interesting point and yes, if the administrator of your system has allowed you read/write access to these areas (where the executables reside) it is obviously possible.

It is no different, in part, to the fact that even with a locked down system, a user can install a 16-bit application on to his PC as it will likely use an .ini file as a control rather than make alterations to your registry.

The bottom line is that group policies do not work in isolation; you have to use them as part of your security strategy. Your example is a perfect case in point. There is no use in locking down users to using iexplorer.exe in the group policy if you have not locked down permissions on the executable itself at the same time.

Although it is a little simplistic, I run a check at logon for a number of executables that just checks date/time stamps. If they are wrong, the app is copied down from the source location on my servers and overwrites the incorrect file. Dirty but effective.

At my work, we use the security permissions so that the user cannot get write access to the apps and DLLs, nor can they update the computer element of the registry. This process negates the article you have highlighted.

Regards
keith
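The logon check Keith describes, as an added example that is not code from the thread or from his environment: it compares the timestamp as he does and additionally a SHA-256 hash, so a renamed or substituted binary cannot pass even if its timestamp was copied. The reference share, the watched-file list and the assumption that the script runs with rights to overwrite the local copies (for example as a computer startup script) are hypothetical.

```powershell
# Added example, not code from the thread. Assumes it runs at startup/logon with
# rights to overwrite the local files; share path and file list are hypothetical.
$RefShare = '\\fileserver\refapps'        # hypothetical known-good source location
$Watched  = @(
    @{ Local = "$env:ProgramFiles\Internet Explorer\iexplore.exe"; Ref = "$RefShare\iexplore.exe" }
)

function Test-KnownGood {
    param([string]$LocalPath, [string]$RefPath)
    if (-not (Test-Path -LiteralPath $LocalPath)) { return $false }
    $local = Get-Item -LiteralPath $LocalPath
    $ref   = Get-Item -LiteralPath $RefPath
    # Timestamp check as in the thread, plus a hash comparison: a substituted
    # binary does not produce the reference SHA-256 even with a copied timestamp.
    $sameTime  = $local.LastWriteTimeUtc -eq $ref.LastWriteTimeUtc
    $localHash = (Get-FileHash -LiteralPath $LocalPath -Algorithm SHA256).Hash
    $refHash   = (Get-FileHash -LiteralPath $RefPath   -Algorithm SHA256).Hash
    return ($sameTime -and ($localHash -eq $refHash))
}

foreach ($item in $Watched) {
    if (Test-KnownGood -LocalPath $item.Local -RefPath $item.Ref) { continue }
    Write-Warning "Integrity mismatch for $($item.Local); restoring from $($item.Ref)"
    Copy-Item -LiteralPath $item.Ref -Destination $item.Local -Force
}
```

This only detects and repairs a substituted file; the NTFS permissions Keith mentions are what prevent the substitution in the first place.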
tourajam (Author) commented:
Thanks
Keith Alabaster commented:
thanks :)
tourajam (Author) commented:
If someone has any idea, they can post it here:
http://www.programmer.ir/forum/showthread.php?p=75#post75

I hope the administrators of Experts Exchange do not remove this link.

This article was also written by Mehrdad, admin of programmer.ir.