Infiltration
THEORY
Ethics
Observations
 
PRACTICE
Abandoned Sites
Boats
Churches
Drains/Catacombs
Hotels/Hospitals
Transit Tunnels
Utility Tunnels
Various
 
RESOURCES
Exploration Timeline
Infilnews
Infilspeak Dictionary
Usufruct Blog
Worldwide Links
Infiltration Forums home | search | login | register

Reply
Infiltration Forums > Private Boards Index > HACKED! > iNet Protector Hacked(Viewed 5946 times)
Vectored Approach location:
Morgan Hill, CA
 
 |  | 
iNet Protector Hacked
< on 1/7/2011 12:12 AM >
Posted on Forum: UER ForumQuote
If your employer, like mine, has locked up access to the internets so you can't surf for porn/lurk in UER during working hours I have found the solution! I stumbled over this while doing a registry hack to remove a fake anti-virus.

iNet Protector uses a whitelist of websites and a whitelist of programs. The entries for these are located UNENCRYPTED in the system registry! They are not locked down in any way and can easily be changed. Of course, it may be noticed by anybody logging in to your system to approve/disapprove sites/programs so do so at your own risk.

Do not do this if you are unfamiliar with how to behave in your Windows Registry. Deleting or altering the wrong thing can have bad results, up to an including hosing your system and killing your parents.

1. Go to Run and type REGEDIT
2. Browse down the tree to:
HKEY_LOCAL_MACHINE\SOFTWARE\Karlis Blumentals\iNet Protector\1.0
3. Scroll down the right pane a little and you will see ProtectedIP, ProtectedPort, ProtectedService and ProtectedSite entries. Simply add your favorite site to the list, or just whitelist your browser under services.
4. Close regedit and reboot.
5. WIN!

I assume no responsibility for your actions with this hack. I barely call it a hack as I basically tripped over it and it broke. I expended ZERO EFFORT on this one as it's not even worthy of being designated as security software. It is a mere annoyance. If you get fired/abused/blow up your equipment, it is all on you. Enjoy!



Honesty may be the best policy, but it's important to remember that apparently, by elimination, dishonesty is the second-best policy. -George Carlin (1937 - 2008)
Shael location:
Witherbee, NY.
 
 |  | 
Re: iNet Protector Hacked
<Reply # 1 on 1/7/2011 6:17 AM >
Posted on Forum: UER ForumQuote
Easier way...

Get yourself a friend with a simple linux box, get him or her to set you up a shell account so that you can browse the internet using putty, which is a tiny telnet client you can run from a usb stick and runs through an SSH tunnel. Unless you can find a full image client that'll work through SSH. All your employer will see is gibberish and a net address to some site that's harmless. Just don't do it so much that you draw attention to yourself.

This is what I do at work. Some of the things I need to see while I'm there I can't have access to because the IP address comes back as registered to my employer and the union website will block me because of it, so this is the best way I've found to get the information I need without leaving a foot print. My employer only sees the linux box address and that's all the website I need to look at will see as well.


[last edit 1/7/2011 6:18 AM by Shael - edited 1 times]

"The best wine lies at the bottom of the pail/And Happiness lies below the navel." - Drukpa Kunley, "The Divine Madman of the Dragon Lineage" and "Saint of 5,000 Women".
Vectored Approach location:
Morgan Hill, CA
 
 |  | 
Re: iNet Protector Hacked
<Reply # 2 on 1/9/2011 9:02 PM >
Posted on Forum: UER ForumQuote
Yes, that would be easier for those who have the skills and equipment. However for us non-linux windows bottom feeders this will work in a pinch. Also, your requirements for access are much more specific. Simply routing around iNetProtector won't do for your needs.

I also sorted out that if you take a copy of firefox, dump it somewhere else and rename it as something you would normally use (like Autocad or Excel or whatever), then put that .exe in as a protected service, you're golden.

Me personally, I've whitelisted my Winamp and a handful of other applications that get nerfed by having web access blocked. I'm not actually using them to surf the net, but I can actually use them. Like Winamp can now access shoutcast so I can locate stations I want to listen to.


FYI: iNetProtector basically stops routing of DNS. If you type in a wwww web address, it will not resolve. If you have a direct IP address and port number, that will work just fine. For Winamp, I had several streaming stations bookmarked as ip/port which worked just fine... but occasionally the stations will move or shut down. Then I need a new one.

These little aggravations go away when you whitelist your software.



Honesty may be the best policy, but it's important to remember that apparently, by elimination, dishonesty is the second-best policy. -George Carlin (1937 - 2008)
hyphen location:
Ontario, Canada
 
 |  | 
Re: iNet Protector Hacked
<Reply # 3 on 1/20/2011 12:16 AM >
Posted on Forum: UER ForumQuote
To be completely honest, I've never heard of iNet Protector, but your solution only works if you have permission to edit the Windows Registry, which even the most basic of hardening should prevent: Absolutely no user besides a sysadmin should be able to log in with an administrator level account. A basic user account shouldn't be able to make reg edits, and the auditing settings should be such that any attempt at a registry edit is reported in Event Viewer.

Any enterprise serious about security (shouldn't be using Windows. . . heyo!) would likely at least have Active Directory deployed.


You've found a creative solution to an annoying problem, but it doesn't sound like your employer is really very serious about IT security in the first place.



Vectored Approach location:
Morgan Hill, CA
 
 |  | 
Re: iNet Protector Hacked
<Reply # 4 on 4/26/2011 7:50 PM >
Posted on Forum: UER ForumQuote
No, they certainly don't know what the hell they're doing as far as security. Just yesterday they learned that a couple people had the password to allow internet access. So they went around to everybody's systems, including mine, and put in a new password. Hasn't changed a darn thing as far as I can see.

Yes, true enterprise level security you won't be able to do this sort of thing. I'm certainly hoping my employer hasn't actually paid for this "security window dressing" software. It annoyed me for a short time, but I hadn't really focused any energy on defeating it. And if I'm really hard up for access, I just pull out my Android phone.

It has been my impression for a long time that our in-house IT guy is completely incompetent. When our original guy left, I was kind of assuming since I was the person with the best computer experience that I would take on the role. Not so. This guy basically won't do anything to help you unless you take it up with the bosses over him first. If there's an issue and it doesn't affect him directly, then he is blind to it. He has installed no less than 5 separate anti-malware applications, all of which are free trial versions, on everybody's machines (more is better, right?). Nothing on our main server works cohesively. Our spam filter is a joke as it seems to be partially hobbled by the internet filter. Every other piece of software tries to update and fails. We have an outside vendor who tries to fill in the holes once a week. I've gotten him to remove several of the conflicting pieces of crap from my system and am much happier for it. Security here is not planned, it is implemented like watching an old movie of the Keystone Cops. This isn't even "security theater". It is security slapstick.



Honesty may be the best policy, but it's important to remember that apparently, by elimination, dishonesty is the second-best policy. -George Carlin (1937 - 2008)
Infiltration Forums > Private Boards Index > HACKED! > iNet Protector Hacked(Viewed 5946 times)
Reply

Add a poll to this thread



This thread is in a public category, and can't be made private.

Powered by AvBoard AvBoard version 1.5 alpha
Page Generated In: 46 ms