Social Icons

Showing posts with label security exploit. Show all posts
Showing posts with label security exploit. Show all posts

Tuesday, June 19, 2012

Internet Explorer : Vulnerable as always!!!


1.   Microsoft IE vulnerability CVE-2012-1889 is the latest to generate interest amongst avid cyber security readers. The special thing about this vulnerability is that it focusses on users using Gmail, MS Office and Internet Explorer. And the sad thing is that this is still a ZERO day exploit...... Rapid 7,Security software company,explains the vulnerability as follows:

“This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer and Microsoft Office. This vulnerability is rumored to be “state-sponsored”, and what makes it really critical is it’s still an 0-day hijacking Gmail accounts. That’s right, that means if you’re using Gmail as well as Internet Explorer or Microsoft Office, you’re at risk. We expect this vulnerability to grow even more dangerous since there’s no patch, and it’s rather easy to trigger.”

2.    Whatever may say...majority of the users still by default keep using IE across the globe....when I see my own blog stats,about 60 % of the visitors use IE...and as we all keep seeing the exponential growth in the users of internet across the globe....but sadly the awareness level of how vulnerable they all are is unknown and is growing at a similar rate!!!

3.    Got the reference from here.Thanks https://community.rapid7.com.

Saturday, February 18, 2012

POWERFUL THAN ADMINISTRATOR ACCOUNT : SYSTEM LOGIN

1.  So here is something unheard to those who thought that ADMINISTRATOR was the king of the respective PC account.So for those who think so...ever thought why r u unable to fiddle with system files when u r the owner... that's because there is a SYSTEM account over and above the administrator who can delete the administrator account!!!!yes u read it right....so how do u get to the system account.I am giving it a step by step attempt here with screen shots!!

2.  Firstly...get to your desktop and see ur user name...mine is windowsxp ie a user account with admin priveleges as shown below :

3.    Secondly,get to the command prompt and create a schedule to run cmd.exe as follows :

at 14:51 /interactive “cmd.exe”

*** The time mentioned here can be a minute or two ahead of whats the time u doing this action.

 4.   You can check schedule by typing “at“ and hitting enter after the above step.

5.    Now Wait for the time you set for the schedule and u see that cmd.exe would be launched at the specified time and a subsequent command prompt windows will open automatically.

6.    Now go to ur desktop without closing any window and reach the task manager and kill the explorer.exe file under the process tab.

7.    Close the first cmd window and not the second one.

8.    Reach the root directory by pressing cd\

9.    Type start explorer...thats it...now u logged in as the System.....as shown:

 10.   Point to note :

- This is only for educational and info pupose.
- Never attempt it on a live system.
- Always do it on a virtualbox or Virtual machine or virtual PC.

11.   Thanks http://alieneyes.wordpress.com
Powered By Blogger