EvilZone
Hacking and Security => Hacking and Security => : An Alien March 17, 2015, 02:16:15 PM
-
Hi guys,
I'm a QA tester testing a laptop which is supposed to be used as a kiosk. Windows 7 is installed and the user has very limited control + everything not needed is uninstalled. I'm supposed to figure out if there's any way of bypassing the measures they have put into place such as a locked down proxy server settings (settings are managed and blocked by admin).
The main use of this "kiosk" is that when computer starts up, it will automatically fire up IE 9 and load up the ONLY domain allowed by the proxy server. So anything but example.com will not work (I get "The proxy server isn't responding" error going to google.com).
If I go to settings for IE and try changing the proxy settings, I get something similar to this (my LAN settings is also grayed out): (http://www.sevenforums.com/attachments/network-sharing/326504d1406006902t-ie9-connection-tab-some-settings-controled-admin-cannot-change-connections.jpg)
Is there any way of changing the proxy server settings if they are locked down by admin?
-
You can change the registry entries to allow you access - so disable the registry and the command prompt, also ensure that they cant install another browser
-
The user does not have the rights to install anything so no browsers can be installed.
User does have limited access to command prompt. Also, the registry is available as well.
Do you know the specific registry keys/values which are used for the proxy server settings?
-
Use latest Windows privilege escalation exploit.
-
Do you know the specific registry keys/values which are used for the proxy server settings?
I believe it is hkcu\software\microsoft\windows\currentversion\internet settings
They could change it in there possibly. Or if they can escalate privileges they could delete the group policy.
-
Also make sure sticky keys settings are blocked so it can't be replaced with a command prompt. If they can get into the Win/system32 files they can replace sticky keys with it, log out then hit shift a bunch of times and have an admin command prompt and use net admin command to add a new admin user.
Also ensure that exes can't run off of a USB as someone can download a stand alone group policy editor and change the settings to reenable locked down features. Also remove access to CD/Floppy for the same reason
-
firefox has it's own proxy settings window.... just download the portable one and change it
-
For some reason the portable firefox browser wasn't working. I have to try that again. I did use a different portable application called Ultrasurf which allowed me to circumvent the proxy easily.
Thanks guys for all the feedback. Disabling exes from usb are very important.
-
yeaaah coool