Main » Discussion » FUCK hsts
Posted on 20-01-24, 16:59
Not from my cellphone

Is there a difference if you delete stuff from the shell (Explorer), or from a (elevated) command prompt?

Also, there are ways to run stuff as users higher than TrustedInstaller - IIRC Sysinternals has a tool for that.

As for files coming back after deletion on Win2K, that's System File Protection kicking in to protect your OS from yourself, which was introduced on that release (and backported somehow to WinME).

If only somehow I could delete NetMeeting from WinXP - it has no use nowadays, I have small HDDs/disk images for my XP boxes/VMs, and yet there is no official way to get rid of NetMeeting and friends: SFP will get in the way, restoring shit as soon as you delete it. But malware has no problems rendering your shit unbootable (hi Sality!)

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 20-01-24, 20:24
YEEEEAAAAH~!

Posted by tomman
Is there a difference if you delete stuff from the shell (Explorer), or from a (elevated) command prompt?
... I considered that possibility when I saw one of the KYM examples was a batch file but dismissed it.

Please hold.
Posted on 20-01-24, 21:10
Would the OS running off of FAT32 make a difference?
Posted on 20-01-24, 21:15
Better with Bacon

Elevated CMD starts in System32, which makes it a bit easier. So I start one up in my Win10 VM and type "del *.*", confirm... and get pages upon pages of "Access denied".

So yeah, I'm thinking it played by the same rules.

Posted by funkyass
Would the OS running off of FAT32 make a difference?
If it has no way of setting permissions and ownership on the filesystem level, it'd have to make do with what 2000 did: refuse to touch the System32 folder itself, and put everything back that you manage to delete.
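
The ownership and permission rules discussed in the post above can be inspected directly. This is an added example, not part of the original thread: a read-only PowerShell sketch that samples files in System32 and reports who owns them and whether the Administrators group holds an allow ACE with the Delete right. The sample size of 200 and the variable names are arbitrary choices made for this example.

```powershell
# Added example (not from the thread): read-only ACL summary for System32.
# It only calls Get-ChildItem and Get-Acl; nothing is modified.
$dir       = Join-Path $env:SystemRoot 'System32'
# Well-known SID for BUILTIN\Administrators, independent of OS language.
$adminSid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$deleteBit = [System.Security.AccessControl.FileSystemRights]::Delete
$sidType   = [System.Security.Principal.SecurityIdentifier]

$report = Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
    Select-Object -First 200 |          # arbitrary sample size for this example
    ForEach-Object {
        try {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
        } catch {
            return                      # skip files whose ACL cannot be read
        }
        # Explicit and inherited ACEs, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, $sidType)
        $adminCanDelete = $false
        foreach ($r in $rules) {
            # Only file-level allow ACEs are checked. Deny ACEs and the
            # parent directory's "delete child" right are not evaluated.
            if ($r.IdentityReference -eq $adminSid -and
                $r.AccessControlType -eq 'Allow' -and
                ($r.FileSystemRights -band $deleteBit)) {
                $adminCanDelete = $true
            }
        }
        [pscustomobject]@{
            Name           = $_.Name
            Owner          = $acl.Owner
            AdminCanDelete = $adminCanDelete
        }
    }

# One row per (owner, AdminCanDelete) combination, most common first.
$report |
    Group-Object Owner, AdminCanDelete |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Rows where the owner is not Administrators and AdminCanDelete is False are the files an elevated `del` cannot remove without first changing ownership or permissions.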
Posted on 20-01-25, 03:46

Bonus points regarding TrustedInstaller: If it's a Windows Store app, it will also be using NTFS Encrypting File System (EFS) to protect the files, and the certificate and keys that control that encryption are owned by TrustedInstaller, and also password protected with a key I have yet to determine, be it a static key, a system key, or whatever.

The only way around this is to run the app, inject a DLL into it somehow, and have that DLL dump the filesystem to an unencrypted location. There's a tool for this, too. Just don't expect those UWP or even Centennial apps to run outside of the store mechanism once removed from their encrypted storage. Certainly a handy way to hack at the resources, though. Due to the EFS, Windows Store apps are not likely to use extra encryption on their resources, like some Unreal Engine games have been known to do.