- Date: Wed, 4 Nov 1998 15:55:09 -0500
- From: Krish Jagannathan <krisjag@JUNO.COM>
- To: BUGTRAQ@netspace.org
- Subject: FoolProof for PC Exploit
-
- I figured this much out -- if you are running on FoolProof for the PC
- (Win9x) and you boot up in safe mode (with or without network support) it
- will bypass the FoolProof TSR and enable full privileges, even deleting
- the FoolProof directory.
- ---
- Krish Jagannathan
- krisjag@juno.com
- YCHJCYADTKCF
-
- ___________________________________________________________________
-
- Date: Mon, 9 Nov 1998 15:48:36 -0500
- From: Erik Soroka <erik@kirenet.com>
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- On Wed, 4 Nov 1998 15:55:09 -0500, Krish Jagannathan wrote:
-
- >I figured this much out -- if you are running on FoolProof for the PC
- >(Win9x) and you boot up in safe mode (with or without network support) it
- >will bypass the FoolProof TSR and enable full privileges, even deleting
- >the FoolProof directory.
-
- Another point of reference dealing with this program (and a much cleaner
- approach) -- FoolProof for Windows 9x stores the administrator password in
- plaintext in the Windows Swap file. All you have to do is boot up into safe
- mode (as mentioned above), copy the swap file to a temporary filename, reboot
- into windows and use a hex editor to search the swapfile for the string,
- "FOOLPROO" and right after will be the actual password.
-
-
- foolproof - adj. (1) "so simple, plain, or reliable as to leave no opportunity
- for error, misuse, or failure..."
-
-
- The name of this "security" program doesn't seem to fit the numerous bugs and
- glitches it has -- however it is a neat program with some nice features that
- might come in handy on systems accessible to the public.
-
- Enjoy.
-
-
-
-
- ______________________________________________________________
-
- Erik M. Soroka (NIC: ES2600) | Voice/Fax: 508.669.5208
- KIREnet Communications Inc. | Page/Beep: 978.629.3322
- Web: http://www.kirenet.com | E-Mail: erik@kirenet.com
- ______________________________________________________________
-
- ___________________________________________________________________
-
- Date: Mon, 9 Nov 1998 14:56:21 -0600
- From: axon <axon2017@STUDENTS.JOHNCO.CC.KS.US>
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- <See Original Message Below>
-
- This works for the macintosh as well. Holding <SHIFT> down while booting
- bypasses extensions. FoolProof for mac does not load, and ZAP! Away
- with foolproof (or just to temporarily get it out of your way... just
- because you can.) I'm not really a Macintosh guy, but when that's all
- you're given on campus through most of your high school years, you'll
- learn to tinker. Also, if you use the resource editor to open up
- foolproof Macintosh, you can find a (poorly) encoded password. It's
- been 2 or 3 years, but I think it was derived from base 64 or something
- silly like that, but memory may serve me incorrectly. Play around. You
- may be able to find some registry goodies with FoolProof for Win95 (or if
- it doesn't do registry handling...you mentioned it's a TSR), maybe break
- out your hex editor on some configuration files.
-
- -Editor-in-chief, Hackers Information Report E-Zine
- http://hir.home.ml.org
- "A Hacker of the Light..."
-
- ___________________________________________________________________
-
- Date: Mon, 9 Nov 1998 13:04:52 -0800
- From: Darren Rogers <DROGERS@CI.SIMI-VALLEY.CA.US>
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- Actually, this works for pretty much any Win9x 'security' add-on. If the
- startup menu is disabled (most add-on hacks let you do this without the text
- file editing normally required), a well-timed flick of the power switch will
- enable you to start in safe mode.
- DJ
-
- >>> Krish Jagannathan <krisjag@JUNO.COM> 11/04 12:55 PM >>>
- I figured this much out -- if you are running on FoolProof for the PC
- (Win9x) and you boot up in safe mode (with or without network support) it
- will bypass the FoolProof TSR and enable full privileges, even deleting
- the FoolProof directory.
- ---
- Krish Jagannathan
- krisjag@juno.com
- YCHJCYADTKCF
- ___________________________________________________________________
-
- Date: Mon, 9 Nov 1998 13:04:53 -0800
- From: The Tree of Life <ttol@STUPH.ORG>
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- This is true for some cases, but the latest FoolProof allows an option that
- will prompt for a password if someone presses F5 or F8 at bootup. It will
- then allow you unlimited tries, but you can't resume normal bootup unless
- you reboot. FoolProof also doesn't protect the 'Press Del to enter Setup'
- at bootup, so you can reset the boot sector to default (this works on some
- models where it resets the boot sector to factory default), which I think
- bypasses the F5 thing. Before that happens though, the boot sector has to
- be in memory already (the old one), so that the system can replace the new
- one with the old one.
-
- Oh, I've seen a QB program where it records keystrokes, even ctrl and
- shift. Since FoolProof doesn't allow people to run programs externally,
- but could open up a text file, just load the .bas file in QB.EXE and maybe
- if someone could get it to run in low priority (background process), it
- could capture the hotkey.
-
- Another thing is that I *think* it is possible (I'll try it tomorrow in
- school) to copy command.com onto a disk, rename it to temp.txt, and
- load it in WordPad. Then save it as c:\windows\help\wordpad.hlp (answer
- no when it asks you to convert it), and go to Help and you'll be dropped
- to DOS.
-
- I hope that helps.
-
- btw: That gay jester at startup sucks..it's very annoying :)
-
- -t
-
- .--------------------------------------------------------------------------.
- |The Media and the Monster: Which is the Creator and which is the creation?|
- |--------------------------------------------------------------------------|
- | System Administrator/DNS Network Administrator/Keeper of Gods |
- |Kalifornia.com (c)1998 | ttol@stuph.org | http://www.ttol.stuph.org|
- `--------------------------------------------------------------------------'
-
- ___________________________________________________________________
-
- Date: Mon, 9 Nov 1998 20:23:07 -0800
- From: William Tiemann <maxinux@BIGFOOT.COM>
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- On Wed, 4 Nov 1998, Krish Jagannathan wrote:
-
- >I figured this much out -- if you are running on FoolProof for the PC
- >(Win9x) and you boot up in safe mode (with or without network support) it
- >will bypass the FoolProof TSR and enable full privileges, even deleting
- >the FoolProof directory.
- >---
- >Krish Jagannathan
- >krisjag@juno.com
- >YCHJCYADTKCF
-
- This may be true (in fact it is true) but is a sign that your administrator
- forgot or did not know about F8. This was the case at a school I know
- that just set up FoolProof, forgot F8, and diskette booting, but that was
- negligence.
- So here is another problem in foolproof
-
- Bug/flaw:
-
- A bug that for all intensive purposes is a bug. If you can execute 'echo'
- with 4 command line arguments you can disable (essentially delete)
- foolproof.
-
- Implication:
-
- Disable _protection_ (if you can call it that) from FoolProof.
-
- Exploit:
- echo Hi > c:\fool95\fooltsr.exe
- Do this with every file in the foolproof dir (The install directory may
- vary).
-
- Fix:
-
- Run a UN*X OS instead of a Microsoft product?
- Seriously though, I have not looked into side effects (or if even possible)
- to disable 'echo', so making all files in the foolproof dir (and elsewhere
- throughout the computer, have not looked for them all) read only so you
- _can't_ write to them, but also disable attrib changes.
-
-
-
-
-
- -- Max Inux <maxinux@openpgp.net> Hey Christy!!! KeyID 0x8907E9E5
- Kinky Sex makes the world go round O R Strong crypto makes the world safe
- If crypto is outlawed only outlaws will have crypto
- Fingerprint(Photo Also): 259D 59F7 D98C CD73 1ACD 54Ea 6C43 4877 8907 E9E5
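The "echo Hi > fooltsr.exe" overwrite above and the proposed read-only fix both come down to one defensive question: can the administrator tell whether the files in the protection software's directory are still the ones that were installed? A file attribute is not evidence of that, because the same session that can write a file can usually clear the attribute. The following is an added example, not code from the thread or from SmartStuff: it baselines a directory by size and SHA-256, then reports files that are missing, truncated (the shape a shell redirect leaves behind), modified, or unexpected. The directory and file names in `demo()` are constructed stand-ins, not real FoolProof files.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory):
    """Record size and hash of every file under `directory`.

    Keys are paths relative to `directory`, '/'-separated so a baseline
    taken on one OS compares cleanly on another.
    """
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory).replace(os.sep, "/")
            baseline[rel] = {"size": os.path.getsize(full), "sha256": sha256_of(full)}
    return baseline


def verify_baseline(directory, baseline):
    """Compare `directory` against `baseline`.

    Returns {relative_path: finding}, where finding is 'missing',
    'truncated' (hash differs and the file shrank, e.g. after `echo Hi > file`),
    'modified' (hash differs, same or larger size) or 'unexpected'
    (present on disk but absent from the baseline). Matching files are omitted.
    """
    findings = {}
    for rel, expected in baseline.items():
        full = os.path.join(directory, *rel.split("/"))
        if not os.path.isfile(full):
            findings[rel] = "missing"
            continue
        if sha256_of(full) == expected["sha256"]:
            continue
        size = os.path.getsize(full)
        findings[rel] = "truncated" if size < expected["size"] else "modified"
    for root, _dirs, files in os.walk(directory):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), directory).replace(os.sep, "/")
            if rel not in baseline:
                findings[rel] = "unexpected"
    return findings


def demo():
    """Constructed scenario: baseline a fake install directory, tamper with it, verify."""
    with tempfile.TemporaryDirectory() as install_dir:
        # Constructed stand-ins; these are not the real program's files.
        originals = {
            "FOOLTSR.EXE": b"MZ" + bytes(range(256)) * 4,
            "FOOLPROO.CFG": b"[config]\r\npolicy=locked\r\n",
            "README.TXT": b"Constructed placeholder text.\r\n",
        }
        for name, data in originals.items():
            with open(os.path.join(install_dir, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(install_dir)

        # Simulate the tampering described in the post: `echo Hi > fooltsr.exe`
        with open(os.path.join(install_dir, "FOOLTSR.EXE"), "wb") as fh:
            fh.write(b"Hi\r\n")
        # ...plus a config grown in place, a file deleted, and a file dropped.
        with open(os.path.join(install_dir, "FOOLPROO.CFG"), "ab") as fh:
            fh.write(b"policy=open\r\n")
        os.remove(os.path.join(install_dir, "README.TXT"))
        with open(os.path.join(install_dir, "DROPPED.BAT"), "wb") as fh:
            fh.write(b"@echo off\r\n")

        return verify_baseline(install_dir, baseline)


if __name__ == "__main__":
    for path, finding in sorted(demo().items()):
        print(f"{finding:10s} {path}")
```

The baseline only has value if it is stored somewhere the workstation's users cannot write (a floppy kept by the administrator, or a copy on a server share the lab machines can only read), since a baseline that lives in the same directory it describes can be overwritten with the same redirect.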
-
- ___________________________________________________________________
-
- Date: Tue, 10 Nov 1998 22:31:43 GMT
- From: pcsupport <pcsupport@smartstuff.com>, pcsupport@smartstuff.com
- To: BUGTRAQ@netspace.org
- Subject: Re: FoolProof for PC Exploit
-
- Michael,
-
- We are perfectly aware that on older versions of FP the password is visible
- with a hex editor. But since any school would be foolish to allow such
- programs to run in the first place, the issue is a dead end 99.9% of the
- time. This is not military style, espionage-level security - it is for public
- workstations with restricted purposes and limited applications.
-
- As you indicated, typical computers are exceedingly simple to understand and
- horse around with. We agree, and appreciate that most high schoolers can
- easily grasp what is required to operate and even program computers. This
- should not be surprising to anyone.
-
- That being said, the point of security for most schools is one of convenience
- and very casual play with the machines by students. FoolProof can be
- configured to be very hard to break indeed, but some schools simply do not
- want to configure it in that fashion - and they may well be right if they
- know their students well.
-
- Don't worry - more encryption and more features are always in the works. Take
- care,
-
- SmartStuff Software Technical Support
- 800-671-3999
-
-
- Michael Ballbach, ballbach@lorien.ml.org writes:
- [ I'm cc'ing smartstuff, maybe this time they'll hear us. Smartstuff, feel
- free to contact me for more information on what I know. The following
- refers to foolproof v1 - v3, on a mac. ]
-
- Holding shift to bypass foolproof on a mac is ineffective if you enable
- the disable foolproof bypass on extension bypass option or however it's
- phrased in there.
-
- The password is not base64 encoded, and depending on the version there are
- various (very poor) methods of trying to obscure it, in the preference
- files for versions prior to 3, the password sticks out like a sore thumb,
- and with versions 3+ it's a tad more obscure, but the method of encryption
- has not changed.
-
- I broke the encryption my freshman year in high school and it took about
- an hour with a piece of paper and a hex editor, I didn't even use a
- calculator. The base conversions took the most time. (ok ok two pieces of
- paper)
-
- Perhaps these issues coming into the public will force smartstuff to do
- something about it, I've contacted them many times and they either ignore
- me, or some guy that has no clue what's happening replies and blows me
- off.
-
- I'd publish the encryption details but doing so would compromise the
- security of thousands of machines (including the ones I used to run), and
- I don't think that's worth it... (I think smartstuff would agree) It's a
- good program overall, but they really picked a very poor method of
- encryption for a program that's supposed to protect machines at
- educational institutions... christ I'm a high school drop out and it
- wasn't a challenge for me.
-
-