LITTLEBLACKDOG.COM

Posted: Mon Mar 17, 2008 5:51 am Post subject: lock it up f00l

An an infosec dude, one of my pet peeves is unsecured workstations. Especially IT folk w/ root level access to systems. I can't tell you how many times I've sent emails and the like to entire departments. It's time to step up my game a little. I'm looking for a script that will live on a public share & change the victims background to some lame David Hasselhoff picture. The idea is to get in and get out quickly. Very Happy

Posted: Mon Mar 17, 2008 6:39 am Post subject:

Make sure that the script either locks the workstation or that you lock it once you've run the script. Heheh.

Posted: Mon Mar 17, 2008 7:16 am Post subject:

Are you wanting something that you push down, or something where if you wandered around and found an unsecured workstation that you could hop on real quick and run it on there?

Posted: Mon Mar 17, 2008 7:16 am Post subject:

This should answer both Websters and Pakiiis questions/comments

Turn and burn type mission... the objective it to pull a quick prank by navigating to the share from the victims desk then leaving a secured workstation with a "windows key | l"

Posted: Mon Mar 17, 2008 7:19 am Post subject:

So far so good, but it's not making the changes stick until after a logout. Which defeats the purpose

Quote:
@echo off
call :quiet>nul 2>&1
goto :EOF
:quiet
:: Configure Wallpaper
REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "%SystemRoot%\Prairie Wind.bmp"
REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 0
REG ADD "HKCU\Control Panel\Desktop" /V TileWallpaper /T REG_SZ /F /D 2
:: Make the changes effective immediately
%SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters

Based off this batch file found here:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10732

Posted: Mon Mar 17, 2008 8:43 am Post subject:

KiX is your friend, specifically the SETWALLPAPER function.

Posted: Mon Mar 17, 2008 8:44 am Post subject:

Why not have your script run and then logoff the user?

Posted: Mon Mar 17, 2008 10:53 am Post subject:

Pakiii wrote:
Why not have your script run and then logoff the user?

Session preservation.

The douchebag from internal support that logs me off instead of locking my workstation is signing up for some pain if I have to restart a 4 hour build.

Posted: Mon Mar 17, 2008 11:49 am Post subject:

CMTG wrote:
Pakiii wrote:
Why not have your script run and then logoff the user?

Session preservation.

The douchebag from internal support that logs me off instead of locking my workstation is signing up for some pain if I have to restart a 4 hour build.

Whilst I lean toward the BOFHside, generally I don't like to cause unnecessary work. However the user is responsible for his/her terminal... it should have been locked up.

No reason for not securing your workstation Exclamation

Posted: Mon Mar 17, 2008 4:33 pm Post subject:

fear_nothing wrote:
CMTG wrote:
Pakiii wrote:
Why not have your script run and then logoff the user?

Session preservation.

The douchebag from internal support that logs me off instead of locking my workstation is signing up for some pain if I have to restart a 4 hour build.

Whilst I lean toward the BOFHside, generally I don't like to cause unnecessary work. However the user is responsible for his/her terminal... it should have been locked up.

No reason for not securing your workstation

So lock it then, don't log me off. And if you really want root access to our collection of aging build machines, be my guest. Everyone in development has, I have plausible deniability. Wink

Guide Dog Joined: 08 Nov 2003 Posts: 8403 Location: MN

fear_nothing wrote:
CMTG wrote:
Pakiii wrote:
Why not have your script run and then logoff the user?

Session preservation.

The douchebag from internal support that logs me off instead of locking my workstation is signing up for some pain if I have to restart a 4 hour build.

Whilst I lean toward the BOFHside, generally I don't like to cause unnecessary work. However the user is responsible for his/her terminal... it should have been locked up.

No reason for not securing your workstation

Not having my foot put up your ass it YOUR responsablity...

No reason for Touching my work station.

I like to call it "security through making an example of that last guy."

Besides, the last person to leave me a message about how I should lock my workstation when I walk away for a second in notepad, got a similar message... except he was sitting in his cube, infront of his computer using it, My message though offered that locking your computer offers little in the way of security.
Closing the message was a bad Idea.. it lead to [ur=http://www.f-secure.com/hoaxes/sheepexe.shtmll]sheep.exe[/url] being fired off... and every time he killed one of them two more came...
after a 10-12 sheep the windows 16 bit subsystem couldn't take it any more and the computer slowed to a crawl. I killed the process remotely about that time.

Posted: Mon Mar 17, 2008 5:54 pm Post subject:

http://www.littleblackdog.com/post184655.html

Posted: Tue Mar 18, 2008 4:19 am Post subject:

anglachel wrote:
fear_nothing wrote:
CMTG wrote:
Pakiii wrote:
Why not have your script run and then logoff the user?

Session preservation.

The douchebag from internal support that logs me off instead of locking my workstation is signing up for some pain if I have to restart a 4 hour build.

Whilst I lean toward the BOFHside, generally I don't like to cause unnecessary work. However the user is responsible for his/her terminal... it should have been locked up.

No reason for not securing your workstation

Not having my foot put up your ass it YOUR responsablity...

No reason for Touching my work station.

I like to call it "security through making an example of that last guy."

Besides, the last person to leave me a message about how I should lock my workstation when I walk away for a second in notepad, got a similar message... except he was sitting in his cube, infront of his computer using it, My message though offered that locking your computer offers little in the way of security.
Closing the message was a bad Idea.. it lead to [ur=http://www.f-secure.com/hoaxes/sheepexe.shtmll]sheep.exe[/url] being fired off... and every time he killed one of them two more came...
after a 10-12 sheep the windows 16 bit subsystem couldn't take it any more and the computer slowed to a crawl. I killed the process remotely about that time.

Whats so fundamentally tough about locking your company workstation when your not there?

Posted: Tue Mar 18, 2008 6:53 am Post subject:

So you don't force the Lock Workstation thru the screen saver with group policy. If they are not going to lock it then lock it for them. Every minute.

I am like you. I don't get up until I lock the work station. I even have a shortcut on my desktop should I be holding the mouse when I want to walk away.

Posted: Tue Mar 18, 2008 7:12 am Post subject:

squashman wrote:
So you don't force the Lock Workstation thru the screen saver with group policy. If they are not going to lock it then lock it for them. Every minute.

I am like you. I don't get up until I lock the work station. I even have a shortcut on my desktop should I be holding the mouse when I want to walk away.

We do but its too long - it's set at 60 minutes. Shocked

Which givesan evil do-er more than enough time to muck things up.