Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Page 2 of 2 < 1 2
Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 07:53
as i am going to be a junior next year i have spent countless hours creating batch files and trying to somehow get into the damn win32 folder but all have failed due to: Novell

Even when i did manage to open command prompt after a few seconds the program would recognize it as a process and quickly run a script to disable my method used. I really don't understand why Microsoft didn't for see CMD as being a problem for schools and just have a simple option to disable CMD for non administrators.


Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 16:01
If your using a Windows domain, you get set group policy to disable all use of the command prompt for specific OUs.
Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 16:04
slpctrl wrote:
What operating system are you using?

when he says command prompt im sure he means windows (Y)


Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 17:51
sparrow wrote:
If your using a Windows domain, you get set group policy to disable all use of the command prompt for specific OUs.


I'm not sure specific permissions are the way to go here. You need a little practice in there before you go f*cking with that and messing it up to the point of disaster.

& lol @ DJDotti's reply. :happy:




Edited by on 21-06-07 17:52
Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 19:07
nights_shadow wrote:
I'm not sure specific permissions are the way to go here. You need a little practice in there before you go f*cking with that and messing it up to the point of disaster.

& lol @ DJDotti's reply. :happy:


Specific permissions is a viable option, however, as long as it's done correctly. You can organize the permission types into separate GPOs, and then layer the GPOs onto different OUs of users. I currently do that, and I've found it much easier than just creating multiple different GPOs that all block "most" things. Makes the GPOs easier to maintain, too.

You could also try the registry hack I saw above, where it adds "exit" to the end of the commands but, instead of "exit", you could try "break", which would cancel the current command before it executes. To get around that, though, they could probably just pad their batch file with some trailing BS commands.

So... maybe you could try using GPO to disable viewing and accessing the C drive. Then, just change the permissions on the Desktop and My Documents (and all subfolders) to read-only. That might help to mitigate the problem since, if they can't save the batch file, they can't run it.



Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 19:12
[edit]nested quotes problem[/edit]
Zephyr_Pure wrote:

Specific permissions is a viable option, however, as long as it's done correctly. You can organize the permission types into separate GPOs, and then layer the GPOs onto different OUs of users. I currently do that, and I've found it much easier than just creating multiple different GPOs that all block "most" things. Makes the GPOs easier to maintain, too.

You could also try the registry hack I saw above, where it adds "exit" to the end of the commands but, instead of "exit", you could try "break", which would cancel the current command before it executes. To get around that, though, they could probably just pad their batch file with some trailing BS commands.

So... maybe you could try using GPO to disable viewing and accessing the C drive. Then, just change the permissions on the Desktop and My Documents (and all subfolders) to read-only. That might help to mitigate the problem since, if they can't save the batch file, they can't run it.


I think going in there is a great choice. Probably the best to use on a Windows OS. But, i've seen many a strange thing when new people start messing with objects and containers...




Edited by on 21-06-07 19:17
Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 19:45
nights_shadow wrote:
But, i've seen many a strange thing when new people start messing with objects and containers...


Agreed... it's not recommended to try to apply experimental settings in a production environment. Rather, I would create the layered GPOs, create separate OUs to mimic the type of structure that your domain needs, and use test accounts in each OU on a test machine to ensure that the effects are what you are looking to attain.



Author

RE: Disabling command prompt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 20:05
Zephyr_Pure wrote:
Agreed... it's not recommended to try to apply experimental settings in a production environment. Rather, I would create the layered GPOs, create separate OUs to mimic the type of structure that your domain needs, and use test accounts in each OU on a test machine to ensure that the effects are what you are looking to attain.


Couldn't of said it better myself. This is definately the way to go if you want to put the time into it (not insinuating that it takes a lot of time).


Page 2 of 2 < 1 2