
Protect U're UCD !




Let me try it again...

I've modified the script to delete temp.txt on drive C:, and code.vbs is the code you posted.

When I run the file, a message pops up where you need to press OK. Before clicking, the file is still present, and if I manually reset the machine the file won't be deleted.

Attached to this post is the image where you can still see temp.txt.

In the same way, if you run the VBS file from RunOnce and you don't click it but simply reset the machine, ntldr won't be deleted and RunOnce will continue from the next entry :)

Edit: found another vulnerability :(

If you run the VBS script from cmdlines (T-13) you can open the command prompt with hotkeys, then type taskmgr.exe and from there kill wscript.exe.

Edited by SiMoNsAyS

Sorry for not posting anymore, but I had a problem with my ISP...

So... look what I've been thinking about... How about deleting the NTLDR before the window pops up? I mean, if it gets to see the window, it means that the Win isn't meant for him... And if the MAC is OK, the script will continue without displaying any message... Am I right that this will work?

More simple would be:

Check MAC; if OK, continue without displaying anything.

If wrong, delete NTLDR and restart without prompting.

Is this possible?


@BlueMe, that makes sense, it also won't break UA.

Problem is if you want to install it on multiple PCs or if you change your MoBo. For me, protection must be something easier and available to everybody with the proper pass.

For the moment TheeBeets' solution is the best lol



Why thank you, my young padawan. TheeBeets reigns all.


OK, I have read the entire post and I have some simple (and probably dumb) questions.

1) What's the point of encoding the file using the Windows Script Encoder?

2) I assume that the cscript part of

cscript //nologo restrict.vbe

should be placed in system32?

3) Could the above code be placed in GuiRunOnce in winnt.sif instead of RunOnceEx?

4) Does the MAC address of a VM change every time you reinstall the OS on it? Or does the MAC address stay until you reinstall the VM program (i.e. VMware)?

This is a really good idea and I am very grateful to Soulin for his efforts, and much respect to him as a programmer (every programmer apart from spyware/virus programmers gets my respect, as I can't program to save my life!)

Cheers....


I see one MAJOR problem with this method! You see, I've been trying to come up with a way to choose the correct WPA.DBL based on the MAC address of a machine. I found that if the computer does not have the appropriate network drivers installed when my script runs, no MAC addresses are found. Therefore, I can't identify the machine via MAC addresses.

Unless you plan on (1) including Bashrat's DriverPacks and/or (2) altering your UACD for all the new hardware on the computers of the people you intend to support, you need to make sure all networking hardware has drivers installed before you run that script.

Other than that, I really like this solution for protecting a UACD! Very, very cool!


SiMoNsAyS

That wouldn't be a problem, because I'm not planning to have my UCD on multiple PCs, just give it to those two friends of mine whom I don't trust but also can't refuse...

dougiefresh

See, that's another thing I didn't think of, and guess what? I was planning on integrating Bashrat's DriverPacks :D So... it's not so major :P

Now, doesn't anyone know how to modify it? I was thinking of doing some tests tonight.


2Simon: Ah, I see, you are right. So the next release (today, after some work I need to do first) won't show any prompt, just delete NTLDR and restart. Also a successful test pass won't show any message (it was just for debugging purposes).

2rikgale:

1 - The point is people won't be able to modify it and see its content. I am using quite a lot of VBScript files, every one is encrypted, and this restriction script is doing a few other things (so if someone simply removes it, it will break the UA).

2 - cscript is native in Windows (WSH), you don't need to include it in your installation.

3 - Sure, but if the script is working from cmdlines.txt as Simon posted, it is better to place it there (I thought WMI classes were not available during that phase of installation, that is why I recommended ROE).

4 - Nope, the MAC address is not based on the installation or the VM application, it is based on your virtually created PC. So you can manipulate discs and installations, and the MAC will be the same.

2dougiefresh: are you sure it is not available through WMI classes?

Modified code as I promised:

Option Explicit

' Allow the installation only on PCs whose NIC MAC address is listed in arrayAllowedHosts.
' On any other PC: delete NTLDR from the system drive and reboot, without a prompt or message.

Dim objWMIService, arrayNIC, objNIC, strAllowedHost, arrayAllowedHosts, blnYouAreWelcome
Dim objOperatingSystem, colOperatingSystems
Dim objFSO, objShell, strSystemDrive

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

' MAC addresses of the allowed machines, written the way Win32_NetworkAdapter reports them (colon-separated).
arrayAllowedHosts = Array("00:0b:db:87:43:be", "00:0b:db:87:43:bd")

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

' Enumerate every network adapter WMI knows about. Adapters without a loaded driver report no MACAddress (Null).
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
Set arrayNIC = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)

blnYouAreWelcome = False
For Each objNIC In arrayNIC
    If Not IsNull(objNIC.MACAddress) Then
        For Each strAllowedHost In arrayAllowedHosts
            If LCase(objNIC.MACAddress) = LCase(strAllowedHost) Then blnYouAreWelcome = True
        Next
    End If
Next

If Not blnYouAreWelcome Then
    ' The Shutdown privilege must be enabled on the WMI connection for Win32_OperatingSystem.Reboot to succeed.
    Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("SELECT * FROM Win32_OperatingSystem WHERE Primary = true")
    strSystemDrive = objShell.ExpandEnvironmentStrings("%SystemDrive%")
    ' Remove the boot loader (second argument = force, so the read-only attribute on ntldr does not stop the delete) ...
    objFSO.DeleteFile strSystemDrive & "\ntldr", True
    ' ... and reboot immediately, with no prompt the user could dismiss or ignore.
    For Each objOperatingSystem In colOperatingSystems
        objOperatingSystem.Reboot()
    Next
End If

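The decision logic of Soulin's script, and the two failure modes raised earlier in the thread (dougiefresh's "no MAC found when the NIC driver is not installed yet", and the string comparison that only matches the exact colon-separated spelling WMI uses), as an added example that is not part of the original thread or Soulin's code. It is a Python port written for this page so it runs offline on constructed adapter tables instead of querying WMI; the names `normalize_mac`, `decide` and the adapter records are assumptions of this example, only the allowlist is taken from the script above.

```python
import re

# Allowlist copied from Soulin's script; everything else here is a constructed example.
ALLOWED_HOSTS = ["00:0b:db:87:43:be", "00:0b:db:87:43:bd"]


def normalize_mac(mac):
    """Return a MAC as lowercase 'xx:xx:xx:xx:xx:xx', or None if it is missing or malformed.

    Win32_NetworkAdapter.MACAddress uses colons ("00:0B:DB:87:43:BE"), while getmac and
    ipconfig /all print dashes ("00-0B-DB-87-43-BE"), so an allowlist typed by hand may use
    either. A raw string comparison, as in the VBScript, silently fails on the dashed form,
    which would lock out a legitimate machine.
    """
    if not mac:
        return None
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def decide(adapters, allowed=ALLOWED_HOSTS):
    """Classify the machine from a list of adapter records.

    `adapters` mimics rows of Win32_NetworkAdapter: dicts whose 'MACAddress' is None for an
    adapter with no driver loaded (the situation dougiefresh describes). Returns:
      'allow'  - at least one adapter MAC is on the allowlist
      'deny'   - adapters reported MACs, but none of them is allowed
      'no-mac' - no adapter reported a MAC at all. The original script treats this like
                 'deny' and wipes NTLDR, so a PC whose NIC driver has not been installed
                 yet would be rendered unbootable even if it is an allowed machine.
    """
    allowed_set = {m for m in (normalize_mac(a) for a in allowed) if m}
    seen = [m for m in (normalize_mac(a.get("MACAddress")) for a in adapters) if m]
    if not seen:
        return "no-mac"
    return "allow" if any(m in allowed_set for m in seen) else "deny"


# Constructed adapter tables, shaped like Win32_NetworkAdapter query results (not real hardware).
ALLOWED_PC = [
    {"Name": "Virtual adapter without driver", "MACAddress": None},
    {"Name": "Onboard NIC", "MACAddress": "00-0B-DB-87-43-BE"},  # dashed, upper-case spelling
]
FOREIGN_PC = [
    {"Name": "Onboard NIC", "MACAddress": "00:13:20:AA:BB:CC"},
]
NO_DRIVER_PC = [
    {"Name": "Virtual adapter without driver", "MACAddress": None},
    {"Name": "Another adapter without driver", "MACAddress": None},
]

if __name__ == "__main__":
    for label, table in [("allowed", ALLOWED_PC), ("foreign", FOREIGN_PC), ("no driver", NO_DRIVER_PC)]:
        print(f"{label:>10}: {decide(table)}")
```

The three-way result is the point: a script that only distinguishes "allowed" from "everything else" cannot tell a stranger's PC from an allowed PC whose NIC driver has not loaded yet, so it has to either run after the DriverPacks (as BlueMe plans) or refuse to wipe NTLDR when it sees no MAC at all.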
