Wednesday, February 19, 2014

Reverse Engineering - Hack Norton GoBack

That was an old trick I used as a PoC for some of my fellas, some years ago in a net station :> This hack will definitely get you out of shit, especially when you're in trouble!

1. Run OllyDbg, open file GBOption.exe in "%Program Files%\Norton GoBack".

2. Hit F9 in OllyDbg. The Norton GoBack Options will appear.
Choose the second tab and click "Change Level...". A window for changing the level of each action will appear: enable/disable, uninstall, autobackup... There are three levels: ADMIN, USER and NONE. By default, the level for uninstall is ADMIN, meaning that you must have the administrator password in order to uninstall it.

3. Return to OllyDbg and jump to address 0x0043697D: press Ctrl+G, enter the address and click OK. You will see the following instructions:
00436970 > 8B0D A8964700 MOV ECX,DWORD PTR DS:[4796A8]
00436976 . 50 PUSH EAX
00436977 . 51 PUSH ECX
00436978 . E8 93E9FFFF CALL GBOption.00435310
0043697D . 83C4 08 ADD ESP,8
00436980 . 85C0 TEST EAX,EAX
00436982 . 0F954424 0F SETNE BYTE PTR SS:[ESP+F]
The call that GoBack uses to check the administrator password is at 0x00436978. This function will always return false because we're missing the password... So we set a breakpoint at address 0x0043697D, the instruction right after the call, by pressing F2, in order to change its return value. The line will then turn red.

4. Return to Norton GoBack Options and click OK. It will ask for the administrator password; enter anything you want and press OK. Control now passes to OllyDbg: execution ran to the address where I set the breakpoint and paused. Look in the registers window of OllyDbg and you'll see EAX = 0x00000090. Double-click it, change EAX to 0x00000000 and press F9 to continue. Now you'll see that no warning message is shown.

Voila! Owned....
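The listing in step 3 can be checked offline. The following is an added example, not part of the original post: it decodes the bytes copied from that listing to show why 0x0043697D is the return address of the password-check call, and how the TEST/SETNE pair reduces the whole decision to one byte derived from EAX. The function names are illustrative.

```python
import struct

# Bytes copied from the listing in step 3 (address -> opcode bytes).
LISTING = {
    0x00436970: bytes.fromhex("8B0DA8964700"),  # MOV ECX,DWORD PTR DS:[4796A8]
    0x00436976: bytes.fromhex("50"),            # PUSH EAX
    0x00436977: bytes.fromhex("51"),            # PUSH ECX
    0x00436978: bytes.fromhex("E893E9FFFF"),    # CALL GBOption.00435310
    0x0043697D: bytes.fromhex("83C408"),        # ADD ESP,8
    0x00436980: bytes.fromhex("85C0"),          # TEST EAX,EAX
    0x00436982: bytes.fromhex("0F9544240F"),    # SETNE BYTE PTR SS:[ESP+F]
}

def check_contiguous(listing):
    """Each instruction must start where the previous one ends."""
    addrs = sorted(listing)
    return all(a + len(listing[a]) == b for a, b in zip(addrs, addrs[1:]))

def decode_call_rel32(addr, raw):
    """Decode E8 rel32 and return (target, return_address)."""
    if len(raw) != 5 or raw[0] != 0xE8:
        raise ValueError("not a near relative CALL")
    (rel,) = struct.unpack("<i", raw[1:])   # signed little-endian displacement
    ret = addr + 5                          # address of the next instruction
    return (ret + rel) & 0xFFFFFFFF, ret

def setne_after_test(eax):
    """TEST EAX,EAX sets ZF when EAX == 0; SETNE stores 1 when ZF is clear."""
    zf = (eax & 0xFFFFFFFF) == 0
    return 0 if zf else 1

if __name__ == "__main__":
    target, ret = decode_call_rel32(0x00436978, LISTING[0x00436978])
    print(f"call target {target:#010x}, returns to {ret:#010x}")
    for eax in (0x90, 0x0):
        print(f"EAX={eax:#010x} -> byte at [ESP+F] = {setne_after_test(eax)}")
```

The decoded target matches the `GBOption.00435310` label in the listing, and the stored byte is 1 for the EAX value seen in step 4 and 0 once EAX is zero. The outcome of the check therefore lives in a single register of a process that the logged-in user can attach a debugger to.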

Wednesday, February 12, 2014

Keep users happy: Don't call them users.

Sysadmin blog: A common complaint about IT staff is their lack of social skills. As in any industry that attracts a certain type of person, there's a high percentage of dark-room-dwelling people who can sometimes struggle to communicate. This is either through what they say or how they interact with others.
Not all IT people are like this of course, just as nurses are not all popping out of their skimpy outfits and pool cleaners don't universally have a mustache and manage to find themselves in many interesting and awkward situations.


There are some guidelines I can recommend based on many years of personal experience, as well as observing others.
Helpdesk 101: Never trust the user. When a user tells you something is happening, see it for yourself. Think of this situation as if they just watched a doctor perform brain surgery, then had to summarise what happened. They're going to make guesses and assumptions on the bits they don't understand. Once you see the issue for yourself, then start the troubleshooting. There is no point spending hours chasing a dragon to slay if the dragon turns out to be a funny-shaped rock. Ask to see that error message or recreate the issue.
Don't call them 'users': IT staff can often forget they're in a position of service. Nobody likes getting bad service; it doesn't matter if it's the 15-year-old at your local fast food restaurant or a rude doctor. This means respecting every person you deal with. "User" is a technical word and should not be used outside of technical circles - people want to feel like people. Generally I would recommend calling them "staff" for internal people, and "clients" for external people – a good guide is to use the same term as other departments with their communications.
Turn a "no" into an alternative solution: Everyone gets questions that should receive a negative answer, but when someone reaches out for help, that's the last thing they want to hear. "Can I plug in my personal laptop and use it at work?" usually comes under that category. The answer should be an alternative solution to their problem. Maybe they can do everything over the internet from that laptop, or they just need to get some files off, which could be done via USB storage.
Often people will ask for something they think is the best solution to their problem, which means more questions need to be asked to find out what they are actually trying to accomplish.
Good communication: Keep people updated. Let them know someone is working on their issue. Let everyone know of outages and resolutions by whatever notification method works the best. Check if people want more assistance, or to be left alone. Follow-ups should always be done; all users should be notified somehow that their issue or request has been addressed.
Adaptation: Some users want to know every intricate detail about their brand new laptop and how to use all the fancy new options. Others will want the laptop left on their desk without a word. Part of adaptation is reading people and asking the right questions, and the other half is leading them down the path that actually helps them more.
You can't hassle that person who wants to be left alone, but if there's one important nugget of information, you need to get that across somehow. Just wiping your hands clean and walking away won't help: if they don't know their password was reset, they'll just get angry and think you're useless at your job.
This might all sound like common sense to many, but it takes a lot of time to build up trust with your userbase, while only a few slip-ups can completely destroy it. You're there to assist the business, and that often doesn't align with an individual's particular request, but part of your job should be to keep both sides happy.
