0 users browsing Discussion. | 22 bots  
    Main » Discussion » FUCK hsts
    Pages: First Previous 1 2
    Posted on 20-01-24, 16:59
    Dinosaur

    Post: #622 of 1316
    Since: 10-30-18

    Last post: 1 hour
    Last view: 1 hour
    Is there a difference if you delete stuff from the shell (Explorer), or from a (elevated) command prompt?

    Also, there are ways to run stuff as users higher than TrustedInstaller - IIRC Sysinternals has a tool for that.

    As for files coming back after deletion on Win2K, that's System File Protection kicking in to protect your OS from yourself, which was introduced on that release (and backported somehow to WinME).

    If only somehow I could delete NetMeeting from WinXP - it has no use nowadays, I have small HDDs/disk images for my XP boxes/VMs, and yet there is no official way to get rid of NetMeeting and friends: SFP will get in the way, restoring shit as soon as you delete it. But malware has no problems rendering your shit unbootable (hi Sality!)

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 20-01-24, 20:24
    Derpy is best pony

    Post: #465 of 599
    Since: 10-29-18

    Last post: 195 days
    Last view: 8 hours
    Posted by tomman
    Is there a difference if you delete stuff from the shell (Explorer), or from a (elevated) command prompt?
    ... I considered that possibility when I saw one of the KYM examples was a batch file but dismissed it.

    Please hold.
    Posted on 20-01-24, 21:10
    Post: #128 of 202
    Since: 11-01-18

    Last post: 660 days
    Last view: 16 days
    would the OS running off of Fat32 make a difference?
    Posted on 20-01-24, 21:15
    Not the Messiah

    Post: #466 of 599
    Since: 10-29-18

    Last post: 195 days
    Last view: 8 hours
    Elevated CMD start in System32 which makes it a bit easier. So I start one up in my Win10 VM and type "del *.*", confirm... and get pages upon pages of "Access denied".

    So yeah, I'm thinking it played by the same rules.

    Posted by funkyass
    would the OS running off of Fat32 make a difference?
    If it has no way of setting permissions and ownership on the filesystem level, it'd have to make do with what 2000 did: refuse to touch the System32 folder itself, and put everything back that you manage to delete.
    Posted on 20-01-25, 03:46

    Post: #47 of 105
    Since: 11-13-19

    Last post: 1461 days
    Last view: 1461 days
    Bonus points regarding TrustedInstaller: If it's a Windows Store app, it will also be using NTFS Encrypting File System (EFS) to protect the files, and the certificate and keys that control that encryption are owned by TrustedInstaller, and also password protected with a key I have yet to determine, be it a static key, a system key, or whatever.

    The only way around this is to run the app, inject a DLL into it somehow, and that DLL dump the filesystem to an unencrypted location. There's a tool for this, too. Just don't expect those UWP or even Centennial apps to run outside of the store mechanism once removed from their encrypted storage. Certainly a handy way to hack at the resources, though. Due to the EFS, Windows Store apps are not likely to use extra encryption on their resources, like some Unreal Engine games have been known to do.
    Pages: First Previous 1 2
      Main » Discussion » FUCK hsts
      Kawa's Github