Bypassing Xp Security

[bmdsherman]

At my school, the browser installed on all of our computers is IE and I am very strongly against the browser. I have been using Firefox portable on a usb stick but after losing it (and then refinding it) 3 or 4 times, I decided to copy Firefox protable onto the school's computer.

These school computers are locked down very tightly and I am not able to:

• Coppy an EXE file
• Extract a folder
• Install a program
• Use FTP (everything but port 80 is locked down)
• ANY administrative task

I have though about renaming the file to a .txt file, but haven't tried it yet (I'm on break)

Anyone have any ideas?

Thanks!

Brendan

Ps:

I am NOT trying to break any school rules, I have absolutely no intention to get on any websites that the school doesn't want me on, I am only trying to use a better browser then IE.

[Iain]

Why try to circumvent the school's policies? If you feel that there's a good reason why you should have access to Firefox, put a well-reasoned argument to the Network Admin staff and I'm sure that they will review your request seriously. If they, for some reason, don't want you to use Firefox, they'll let you know.

HTH

[3w`Sparky]

I think all schools should have firefox as an option to use along with office.org as this help children make a choice of the software they can use and also allows children without bottomless pockets to produce the same quality documents from there home pc by installing office org that way they can bring into class and know that it is fully computable and supported by the school staff.

why must schools live the microsoft way !

classic example microsoft works , I mean who and why !

yeah your be able to save it as a .txt file no problem there but to be honest if the school wont play ball then your have to stick with your memory stick option.

[Kerberos]

My old school couldn't give a crap less what anyone thinks. They're too lazy to change anything. There's no way they'd even listen. I'm all for "don't break the rules" and such when it's not really a big deal, but on the other hand, I don't see any harm in simply trying to use a different browser.

Before launching into any crazy stuff, I'd have to agree (at least partially) with lain. Asking definitely doesn't hurt. If you end up in my situation and nobody even listens, then you can start trying things.

The first thing I'll say, though, is be careful what you do because some schools can be fairly tough with their rules as far as what they consider you messing around too much. Luckily for me my old school's staff was carefree enough to not even notice when I poked around, but a lot of schools are a different story. You can catch a lot of heat for doing some pretty harmless stuff. Anyways, by the sounds of it you're going to have to go around the OS altogether or at least get some elevated privileges or else you won't be able to do much.

The simplest solution, which requires the computers have an optical drive, would be to just boot into a linux live CD (or possibly even a bootable USB key with something similar on it if that's possible) and work from there. This, of course, fails to take into account any programs or network resources you may require to get school work done. But it's still an example of a partial solution.

If you need access to Windows or anything within it, then a linux live CD could still be used to access the hard drive of the computer to copy over any required programs (although installation is still not possible at this point, so you'd be stuck with portable, no-install applications). This approach would be thwarted if the computers have state-restoration software such as DeepFreeze on them because the hard drive will simply reset to it's stored state upon reboot. This can also be disabled from within linux, but that would be very obvious, fairly permanent, and would not be smiled upon by anyone having to clean up the mess. I would advise against doing that.

Another possible alternative would be attempting to gain higher privileges in Windows through various means. You could try using the "at" command privilege escalation exploit to get system, but I've found it doesn't work on most school computers. Privilege escalation is most definitely considered hacking and exploitation and I can almost guarantee is against the rules. If you're careful you might get away with it a few times, but if you have to do it every time you want to use your browser I'd say it's too risky, even if you're only doing it so you can run something and not to install or modify anything.

Keep in mind that the things I've suggested are not for breaking into school networks/computers or doing anything highly illegal. I definitely would not suggest doing anything too drastic on school computers as I know a few people who got expelled for modifying grades and helping others access blocked websites (I'm sure you can guess what kind -.-' ). Moral is: be careful and don't do anything more than is necessary. If you want to hack a system from one end to the other throw up a virtual machine and have at it. Just keep it at home :D Or at least somewhere where it's harder to figure out that it's you (like...Darren's favorite coffee shop or the airport ;) ).

[H@L0_F00]

Nonono, DeepFreeze does NOT restore the hard drive to the original state (before installation and freezing), it simple discards all changes made upon the computer being rebooted, shutdown, or even just powerd off (physically). Therefore, saving a file to the hard drive while in another OS DOES work :) There are also ways to disable DeepFreeze, make your changes, and then re-enable it without anybody ever knowing (password stays the same :) ).

Also, the "at" command is essentially useless in this situation because it requires Admin level privileges to even execute the command. And, in all reality, the school can get you for "hacking" just because you turned the damn thing on! It pisses me off how schools are completely oblivious to and not at all affected by the thing we call the Constitution here in the US... I mean, wtf happened to freedom of speech and innocent until proven guilty!? If I wasn't constantly looking over my shoulder, I probably would have been expelled by now, and for what? Running Linux? Knowing a bit more about computers than ALL of my teachers? And probably even more than the SysAdmin... They don't care if your work is done and you're just having a little fun... They're scared of any and all intelligence greater than theirs, and that's wrong. Last year the one of the CAMPUS-WIDE Admin passwords was spread, and it sure as hell wasn't due to me... I DON'T want people to know a lot of the things I know, because shit like that happens. Luckily they really didn't investigate it much, otherwise I probably would have been prime suspect since I'm (from what I've seen, know, or heard about) the most knowledgeable when it comes to computers. And they wouldn't need a lick of proof to get me expelled...

Anyways, I feel you. IT Departments at schools have some of the dumbest, single-minded, people I've run across. They're not likely to change ANYTHING even a little bit. It's either "too much work," they have "too little time," or once you show that you know a little something about computers, you're on the watch list, if not being questioned that instant. Computers are so locked down that it's no wonder the average user isn't better off when given a keyboard and mouse, let alone a damn network! All I can really say, though, is, you've gotta be smarter than the game to play it.

/etc/init.d/rant stop

[Kerberos]

Good to see somebody agrees :).

My bad, I never actually bothered to look into how DeepFreeze actually works. It's been many, many years since their computers even ran Windows and I just remembered the name of the program from when they did. They're all linux now :P. And I could've sworn that the at command thing worked (sometimes) if you aren't admin. Oh well, my memory is getting pretty bad :P.

[kickarse]

Good software would read the file encoding and block based on that. So renaming to a txt file would do no good.

[barry99705]

Your "pretty harmless" actions could take a machine out of service for a few hours, would also waste the time of one of the computer techs for the time it takes to reimage the machine. It may seem harmless to you, but from the technician's standpoint they have no clue what you did, so they take the worst case scenario and just blow it away. The reason they don't allow firefox is it can't be easily controlled with active directory like IE can.

[H@L0_F00]

All systems at my school, both Macs and PCs, are imaged from a "district wide image" I found out yesterday... Which means a district wide Admin passwords (There's like 3 different accounts with Admin privs on all the computers...). Who came up with this great idea, I don't know... But it makes a whole hell of a lot of sense to me! The LM hashes weren't disabled on this image either, which means Ophcrack totally owned them within a few minutes.

bmdsherman, I noticed that you didn't mention HOW the restrictions were put in place. That would actually be the best place to start when trying to circumvent unnecessary restrictions.

barry99705, I haven't done anything that has put any computer down for any time. School Admins already have enough computer illiterate people they need to take care of, why would I want to make their job worse? I mean, we're in the same boat, somewhat, when it comes to the fascination with computers, networks, etc. I strongly disagree with the severe restrictions they put on the computers though; we should be educating the users, not stopping them from exploring and learning. I know SOME restrictions are absolutely necessary, and I know that with less restrictions there would be more problems, but the kids need more of an understanding of computers in general. "This generation" is said to be soooo much better with computers... But what can they really do? Check their Myspace every 5 minutes? Tweet about checking their Mypace? Make a Ctrl-c Ctrl-v PowerPoint? Upload a video to YouTube? And what of it do they really even understand? Very little from what I've seen. School is a place for learning, and that should be true across the board.