Main:advertisement
How to gain access to the command prompt and also gain privileges on LAPL libraries. From their you can pentrate further.
A tutorial on how to get past library security for further privileges. This was only tested on Los Angeles public library computers, and not guaranteed to be successful on other libraries.
First an introductory on what we are trying to bypass. LAPL (Los Angeles Public Libraries) use windows 2000 as their OS. They replace the regular explorer.exe with their own. There explorer.exe secures the OS in someway by hiding icons and restricting access to programs other than IE. The key to bypass their program I their own explorer.exe and also Window's "ICA seamless session".
Window's ICA seamless session runs when you have a published application which will want to run in a desktop like the normal explorer.exe. This behavior is caused because your application has initialized 'explorer.exe'. By default, when explorer.exe is initialized it checks to see whether an instance of explorer.exe is running within the users session. If there is already an instance of explorer.exe running, Windows Explorer is started. However, if explorer.exe is not already started, a server desktop is spawned.
Now, you may ask how you would be able to run "ICA Seamless Session". To do this you must first have access to a computer in the library.
Open up IE and enter "http://webcheck.lapl.org/icas/60word.ica" in the address bar. What this link does is automatically run Microsoft Word. Now, while your are in word. You file -> open. Then you will see "My computer" and "My Network Places". Right click any of them, and then click "explore".
What this does is try to run "explorer.exe" but wait, explorer isn’t running... so what Windows does is eliminate the Library's explorer.exe and runs the regular explorer.exe in a Seamless session. This session ends when you log off or turn off the computer.
After that, just check the desktop, and voila, ICONS!!! LOL, also click Start and voila "run", "Programs", more icons!! Lol.
To run the command prompt you basically create a batch file which calls and executes cmd.exe.
Example code:
cmd.exe
You would then save it as "cmd.bat". And when clicking on it, you get command prompt. From their you can further penetrate the system... maybe even get admin. :D
Have fun...
First an introductory on what we are trying to bypass. LAPL (Los Angeles Public Libraries) use windows 2000 as their OS. They replace the regular explorer.exe with their own. There explorer.exe secures the OS in someway by hiding icons and restricting access to programs other than IE. The key to bypass their program I their own explorer.exe and also Window's "ICA seamless session".
Window's ICA seamless session runs when you have a published application which will want to run in a desktop like the normal explorer.exe. This behavior is caused because your application has initialized 'explorer.exe'. By default, when explorer.exe is initialized it checks to see whether an instance of explorer.exe is running within the users session. If there is already an instance of explorer.exe running, Windows Explorer is started. However, if explorer.exe is not already started, a server desktop is spawned.
Now, you may ask how you would be able to run "ICA Seamless Session". To do this you must first have access to a computer in the library.
Open up IE and enter "http://webcheck.lapl.org/icas/60word.ica" in the address bar. What this link does is automatically run Microsoft Word. Now, while your are in word. You file -> open. Then you will see "My computer" and "My Network Places". Right click any of them, and then click "explore".
What this does is try to run "explorer.exe" but wait, explorer isn’t running... so what Windows does is eliminate the Library's explorer.exe and runs the regular explorer.exe in a Seamless session. This session ends when you log off or turn off the computer.
After that, just check the desktop, and voila, ICONS!!! LOL, also click Start and voila "run", "Programs", more icons!! Lol.
To run the command prompt you basically create a batch file which calls and executes cmd.exe.
Example code:
cmd.exe
You would then save it as "cmd.bat". And when clicking on it, you get command prompt. From their you can further penetrate the system... maybe even get admin. :D
Have fun...
Posted by 
