Thawing Out DeepFreeze
by Murder Mouse

Section 1: The Introduction
----------------------------
If your school is like many, then it might use a program called DeepFreeze on
all accessible computers. DeepFreeze is a program released by Faronics whose
task is to preserve the original configuration of the workstation. Therefore,
if you install a game or something on one of the computers protected by
DeepFreeze, then the next time that computer is rebooted the game is gone.
However, it's been known for a while that there are ways to bypass DeepFreeze.
How is Faronics responding to this threat? The same way any great conspiracy
theorist would expect a business like them to: by trying to cover everything
up. In 2003 Faronics tried and failed in filing a suit against Google in order to
limit the access its users have to information related to exploiting DeepFreeze.
Meanwhile they still tout DeepFreeze on their site as the best thing since
sliced bread when it comes to computer security. Therefore, instead of taking
the appropriate measures towards these problems, they are trying their
damnedest to maintain a state of security through obscurity. Sorry Faronics, but
as any IT tech will gladly tell you, it simply doesn't work. So without
further delay, let's get on with ways of getting past DeepFreeze...

Section 2: DeepUnfreezer
-------------------------
This really isn't even a section as much as it is just to let you know, in case
you don't already, that this tool is included with this kit. It's a program
created by Emiliano Scavuzzo that does a pretty damn good job of thawing out
DeepFreeze. Included in the deepunfreezer.zip is a manual, including
screenshots, on how to use this tool. Be sure to read this manual before using
the tool, though its use should be pretty self-explanatory. If you try to use
this tool and it doesn't work, then that means that your school is using the
latest build of DeepFreeze (which as of the date I'm writing this, 4-10-06, is
1426). If this is the case, then read on to figure out other ways to bypass
DeepFreeze.

Section 3: Persi0.sys
-----------------------
This next technique involves creating a persi0.sys file to replace the one
on the workstation. This is the primary configuration file used by DeepFreeze,
and can usually be found in C:\. To do this, go to Faronics' web site
(www.faronics.com) and download an evaluation copy of DeepFreeze. Then install it
on your computer and set it to have a null password, and to have all drives
thawed. Then pop in a Knoppix-STD CD or some other live CD, find your
persi0.sys, and copy this file to a USB stick. Then take this to school with
your Knoppix CD. Reboot the workstation with the live CD distro and USB stick
already set and ready. Boot into the distro, save a backup copy of the original
configuration file onto your USB stick, and replace the original on the
workstation with yours. Then just reboot the computer, take out your CD and USB
stick, and enjoy.

Section 4: Persifrz.vxd
------------------------
I can't guarantee that this works on newer builds of DeepFreeze, but it's worth
a shot. This file can usually be found in the iosubsys folder in system/system32.
This is the virtual driver for DeepFreeze, and if you wipe this off then
DeepFreeze is done for. To do this, grab a floppy disk with DOS, reboot the
computer with your floppy in the A: drive, find the file from there, and del
it.

Section 5: Worst Case Scenario
-------------------------------
The worst case scenario here is that your school is using the latest build of
DeepFreeze, has password protected the BIOS, and only allows booting to C:\.
If this is the case, well, I'm sorry to say it, but you are shit out of luck.
You could always remove the CMOS battery to bypass the BIOS measure, but this
would require you to open up the casing, which isn't something you can exactly
do unless you either have permission or a very long opportune moment (which
is pretty fucking doubtful). You can ask around to see if maybe there is some
advice that anyone can give you on possibly getting around this, but I wouldn't
expect much. Luckily most schools (at least as far as I know) aren't smart
enough to implement all three, and there is always a workaround. Good luck.
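
Sections 3 and 4 both come down to a file being swapped or deleted while the workstation is booted from other media, which an administrator can detect by comparing those files against a sealed baseline. The following is an added example, not part of the original text or of any Faronics tooling; the file contents, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file's contents, or None if the file is gone."""
    p = Path(path)
    return hashlib.sha256(p.read_bytes()).hexdigest() if p.is_file() else None

def seal(digests, key):
    """HMAC over the digest table, so an edited baseline is detectable."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_baseline(paths, key):
    """Record one digest per file and seal the table with the key."""
    digests = {str(p): file_digest(p) for p in paths}
    return {"digests": digests, "mac": seal(digests, key)}

def check(baseline, key):
    """Return {path: 'ok' | 'replaced' | 'missing'} against a sealed baseline."""
    if not hmac.compare_digest(seal(baseline["digests"], key), baseline["mac"]):
        raise ValueError("baseline failed HMAC verification")
    report = {}
    for path, known in baseline["digests"].items():
        current = file_digest(path)
        if current is None:
            report[path] = "missing"
        else:
            report[path] = "ok" if current == known else "replaced"
    return report

def demo():
    """Constructed stand-in files; the contents are not real DeepFreeze data."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the workstation
    with tempfile.TemporaryDirectory() as tmp:
        cfg, drv = Path(tmp) / "persi0.sys", Path(tmp) / "Persifrz.vxd"
        cfg.write_bytes(b"frozen-config")
        drv.write_bytes(b"driver-image")
        baseline = make_baseline([cfg, drv], key)
        cfg.write_bytes(b"thawed-config")  # config swapped while booted from other media
        drv.unlink()                       # driver deleted while booted from other media
        return {Path(p).name: s for p, s in check(baseline, key).items()}
```

The baseline and key only help if they live somewhere the person at the keyboard cannot rewrite, such as a management server that compares digests when the workstation next checks in.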
Tuesday, 7 October 2008
Sunday, 5 October 2008
How to bypass restrictions to get to the command prompt
OK, you're at a console at the library, school or other public
terminal. Access to C: is blocked. The command prompt is blocked.
You're trying to do something, and you can't because of these
restrictions. What a load of shit.
First things first... Get to the command prompt. Once you've got
access to DOS, you're in good shape. If it's blocked, try the easy
way first.
*****************************************
Method 1:
1. Open any folder or browser.
2. Type the location of cmd.exe or the prompt depending on the OS.
Example: "C:\windows\system32\cmd.exe" or "C:\winnt\system32\cmd.exe" (for NT)
*****************************************
Method 2:
1. Save the cmd.exe prog to a floppy and do a "A:/cmd.exe".
2. If you don't want to run it off the A:, then save it to the
computer and launch it from somewhere you have access to.
(Note: ctrl-c / ctrl-v if cut and copy is blocked.)
****************************************
Method 3:
1. Download QuickBASIC. http://www.geocities.com/aliphax/files/qb.zip
2. Make a program that works similar to cmd.exe, but isn't blocked.
    SHELL "cd>~cd.tmp"
    OPEN "~cd.tmp" FOR INPUT AS #1
    LINE INPUT #1, f$
    CLOSE #1
    KILL "~cd.tmp"
    f$ = f$ + "\~cd.tmp"
    DO
        SHELL "cd>" + f$
        OPEN f$ FOR INPUT AS #1
        LINE INPUT #1, cd$
        CLOSE #1
        KILL f$
        PRINT cd$ + ">";
        LINE INPUT cmd$
        SHELL cmd$
    LOOP UNTIL LCASE$(cmd$) = "exit"
3. Save as "something.bas"
4. Click Run
5. Make EXE File
6. Stand-Alone EXE File
7. Make EXE
8. Exit
9. Execute "something.exe"
***************************************
Method 4:
1. If you have access to Office, start Word
2. Run the vb-runtime option
3. Add a command button and do an on-click sub which says:
    Shell "cmd"
4. Run it
***************************************************
Method 5:
Simply open up the browser, go to view source, select New,
type "command", and save it as dos.bat. Then simply open up
dos.bat to open up the command prompt.
-HÅ££Å / Murder Mouse
Thanks to z1p and Alipha for the copy of QBasic for the tutorial.
Also thanks to phantiC for suggesting the VB runtime option in office.
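
Seen from the administrator's side, Methods 1 to 5 all end with a shell process being created, and process-creation logging records the image path and the parent that started it. The following is an added example, not part of the original post: the event schema, the account name and the allowlists are constructed assumptions, and only the two system32 paths are taken from Method 1.

```python
import ntpath

# Assumptions for this sketch: the event schema, account name and allowlists
# below are constructed; only the two system32 paths come from the text.
SHELLS = {"cmd.exe", "command.com"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}
DOCUMENT_APPS = {"winword.exe", "excel.exe", "iexplore.exe"}
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "services.exe"}
RESTRICTED_USERS = {"student"}

def classify(event):
    """Return the list of findings for one process-creation event."""
    image = event["image"].lower()
    if ntpath.basename(image) not in SHELLS:
        return []
    parent = ntpath.basename(event["parent"].lower())
    findings = []
    if event["user"].lower() in RESTRICTED_USERS:
        findings.append("shell-by-restricted-user")
    if ntpath.dirname(image) not in SYSTEM_DIRS:
        findings.append("shell-outside-system-dir")
    if parent in DOCUMENT_APPS:
        findings.append("shell-from-document-app")
    elif parent not in EXPECTED_PARENTS:
        findings.append("shell-from-unexpected-parent")
    return findings

# Constructed sample events covering the launch paths described in the post.
EVENTS = [
    {"user": "student", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"user": "student", "image": r"A:\cmd.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"user": "student", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Temp\something.exe"},
    {"user": "student", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"user": "admin", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"user": "student", "image": r"C:\Windows\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def triage(events):
    """Map event index -> findings, keeping only events that fired a rule."""
    hits = {}
    for i, event in enumerate(events):
        found = classify(event)
        if found:
            hits[i] = found
    return hits
```

Blocking cmd.exe by menu entry or by path alone leaves every one of these launch paths open, which is why the rules key on the process that actually starts and on who started it.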