logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Protection bypass in Black Board Windows Lock
Date: 2003-03-25

Author : L0BSTAH <freezer2k@mail.ru>


Software: Black Board Windows Lock 6.2 (BBWL)
Vendor: BlackBoard Software
URL: http://www.blackboardsoftware.com
Platform: Windows 9x/NT
Vulnerability: Protection bypass

Description:

BBWL is Win32 utility which locks user within desktop disabling hotkeys
(Ctrl+Alt+Del, Alt+F4) and requiring password to enable them.

First, this unless documentation states BBWL may be used on Windows NT,
it doesn't work because of API differences.

Second, to disable Ctrl+Alt+Del utility uses SystemParametersInfo() API,
and thus it may be disabled by reverse call

SystemParametersInfo( SPI_SCREENSAVERRUNNING, 0, nil, 0);

To prevent this kind of vulnerability vendors should follow some rules
to protect data. My advise it to change program kernel and do not use
trivial tricks like that.
Under 9x event hooks for keyboard should be used.
Under NT program logic should be fully changed. One of possible solution
may be service with Local System privileges to monitor process address
space and to intercept some system calls (for example TerminateProcess
to restart program instead of termination) and to kill suspicious
processes.

#############################################################
Black Board Windows Lock 6.2\rus
#############################################################

?????: BlackBoardSoftware
????: www.blackboardsoftware.com
?????????:::: 9x\NT(???????? ? ????????????)
??? ??????????: ??????????? ?????? ????????????.

{:::::: ???????? ?????????? :::::}

??? win32 ?????????? ??????? BBWL, ???? ???????, ?????????? ?????? ????????
????? ???????? ?????????? (Ctrl+Alt+del, Alt+F4, ? ?.?.). ? NT ?????????? ?????????
??????? ??????? ??????? ??????? ?? 9x, ??????? ???? ???? ? NT ?????? ?? ????????.
??? ??????? ??????, ???????????? ?? ?????? ????? ? ???????. ????? ?????????
CTRL+ALT+DEL ??? ???????? ???????:
SystemParametersInfo(), ??????? ?????? ??? ????????? ???????? ???????,
??????? ???????? "??????? ???????":
SystemParametersInfo( SPI_SCREENSAVERRUNNING, 0, nil, 0);

{ ????? ???????? ??????????, ????? ?????????????? ???????????? ??????, ???????
?????? ??????????? ???? ??????. ? ??????? ????????????? ???????????? ????????
???? ?????????, ? ?? ???????????? ????? ??????? ?????????.
??? [9x] ????? ????????? ???????, ??????????? ?? ???????, ???????????
?? ?????????? ?????? ????????? (hooks),
????????? ??????? ???????????? ???????, ????? ??????? ??????????.
??? [NT] ????? ???????????? ???????? ?????? ?????????.
????? ?? ????????? ?????????, ???????, ??????? ????? ???????? ?????????? ????????????,
????????? ?? ???????????? ???????? ? ????????? ????????????. (???????? ?? TerminateProcess
????? ?????? ????????? ???????). ? ??????? ?????????????? ????????? ???? ????????????
taskmanagera. }

#l0bstah.
#greetz 2: subj, l0vch1y -hehe, xCrZx, sunr1se, p01nt3r ;), lukash, net[LSD], ex`UCL




 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy