[8473] in bugtraq
Re: FoolProof for PC Exploit
daemon@ATHENA.MIT.EDU (The Tree of Life)
Tue Nov 10 12:32:29 1998
Date: Mon, 9 Nov 1998 13:04:53 -0800
Reply-To: The Tree of Life <ttol@STUPH.ORG>
From: The Tree of Life <ttol@STUPH.ORG>
X-To: Krish Jagannathan <krisjag@JUNO.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981104.203613.-974293.0.krisjag@juno.com>
This is true for some cases, but the latest FoolProof allows a option that
will prompt for a password if someone presses F5 or F8 at bootup. It will
then allow you unlimited tries, but you can't resume normal bootup unless
you reboot. FoolProof also doesn't protect the 'Press Del to enter Setup'
at bootup, so you can reset the boot sector to default (this works on some
models where it resets the boot sector to factory default), which I think
bypasses the F5 thing. Before that happens though, the boot sector has to
be in memory already (the old one), so that the system can replace the new
one with the old one.
Oh, I've seen a QB program where it records keystrokes, even ctrl and
shift. Since FoolProof doesn't allow people to run programs externally,
but could open up a text file, just load the .bas file in QB.EXE and maybe
if someone could get it to run in low priority (background process), it
could capture the hotkey.
another thing is that i *think* it is possible (i'll try it tomorrow in
school) is to copy command.com onto a disk, rename it to temp.txt, and
load it in wordpad. then save it as c:\windows\help\wordpad.hlp (answer
no when it asks you to convert it), and go to help and you'll be dropped
to dos.
I hope that helps.
btw: That gay jester at startup sucks..it's very annoying :)
On Wed, 4 Nov 1998, Krish Jagannathan wrote:
> I figured this much out -- if you are running on FoolProof for the PC
> (Win9x) and you boot up in safe mode (with or without network support) it
> will bypass the FoolProof TSR and enable full privileges, even deleting
> the FoolProof directory.
> ---
> Krish Jagannathan
> krisjag@juno.com
> YCHJCYADTKCF
>
> ___________________________________________________________________
> You don't need to buy Internet access to use free Internet e-mail.
> Get completely free e-mail from Juno at http://www.juno.com/getjuno.html
> or call Juno at (800) 654-JUNO [654-5866]
>
-t
.--------------------------------------------------------------------------.
|The Media and the Monster: Which is the Creator and which is the creation?|
|--------------------------------------------------------------------------|
| System Administrator/DNS Network Administrator/Keeper of Gods |
|Kalifornia.com (c)1998 | ttol@stuph.org | http://www.ttol.stuph.org|
`--------------------------------------------------------------------------'