Old trick - always works?

Internet Explorer 9 cloud emulator in Google Chrome browser window .

image

Foreword


This story began with the fact that I was looking for the IE7 / 8/9 emulator to check one of the web projects, I needed to check how IE9 responds to the SSL certificate.
I checked the site - everything is fine, and after which I asked myself the question: what will happen if ....? And yes, I have nothing to do with the company above.

Tighten the nuts Uncle Styopa


I am not a programmer at all, but I was impressed as an admin and really appreciated that the guys from this company were so "confused" and created an entire infrastructure based on VMWare technology. Indeed - they optimized the automatic creation of temporary virtual machines with pre-configured OS and software, and all this quickly, in the browser.

In youth, my friends and I sometimes spent time in computer clubs - a classic story, we had nothing to do to find ways to at least somehow make our lives easier and to set an example as a game bypassing the admin (the person who accepted your money in exchange for playing time). And once I found a way to bypass the software shell that blocked access to everything except games - it was still the era of Windows 98 / Me in Russia.

Any program has a certificate, and computer clubs of that time had the practice of uploading pirated films on the net.
So WMP and VLC were on the list of available software, the trick was that when calling help, you could enter any URL inside if you wanted. for example C: \

Then everything happened very quickly and simply, access to local disks, temporary removal of protection (Astalavista software seems to be), and a lot of pleasant things in the form of installing any software, games, and generally a complete walk around - I don’t know for what reasons the admin club gave admin rights to an ordinary user, this is not important anymore - it was fun;)

The same emulator - a new look

image

Of course, a lot of water has flowed since then, but traditionally, Microsoft has improved the help and brought it almost to the ideal. Starting with MS Windows 7, you get intelligent help - after all, upon request, for example: control panel, you can directly open the “Control Panel” in the help link. In some cases, even the local policy and tweaks hiding disks hiding from the user, personal folders that prohibit the opening of certain system programs, etc., do not work ...

By default, the help in IE was disabled, but in the "downloads" section, after I clicked review, the coveted "?" icon appeared. After opening the necessary section, I already had access to almost the entire system within the framework of the account of an ordinary “rightless user”, even to the Windows Registry.

But there should only be a browser ...

image

image

conclusions


There is never much security, twisted the GPO, cut tweaks, removed the rights for users, limited everything to the maximum, however, in this case, the ability to use the help just needs to be turned off (cut the applet, or block the start of the help with tweaks).

Of course, by and large, all these actions are of little use - this is a virtual machine created from scratch that will die in 15 minutes.

PS I notified the company providing this service of the vulnerability, but my Facebook post was deleted (there was a screenshot asking to be contacted to provide information).

PPS If you find spelling errors - please write to me in the PM

Also popular now: