



Can you create a *PGM object using QNTC?


No. But you can create/modify a PASE program. Or a Java class. These are compiled code, but not stored in a *PGM object, but rather an ordinary stream file.

And, of course, you can modify any interpreted language, since the "executable" in that case is nothing but data in a file.

What I'd do is something like this:

a) Scan a block of IP addresses or (insert some other way of getting IP addresses here) and try to connect to an SMB server on any of them.

b) Scan for PASE executables that I have write permission to.

c) Move the execs somewhere else, and insert my shell script (or program, I guess it doesn't matter) where the original one was. Put code in there that creates a CL or RPG or MI program or whatever's needed. Have that program go through and insert itself into the various CPPs or VCPs or whatever.... assuming the script is run with adequate authority, of course. That way, it can wait for an appropriate user to try to run the utility.

d) Scan for Java classes, if any are found, download them and run them through javap or a similar tool to find the public classes. Create a Java class that exports the same items, but runs my code when any method is called. Have it run the real class (again, moved to a different location) any time the class is used. Maybe use a custom class loader to make it easier to call the backend class. Basically, do the same thing with my code here that I would've done in PASE.

e) Try the same steps for REXX or Qshell or OCL or whatever else I can think of.

I dunno... it'd take more refinement to get everything exactly right. And it'd be at the mercy of the level of authority granted to whomever is running it, so it'd have to check authority levels and only carry out its actions if it has enough authority -- and keep waiting until it's eventually run by someone with enough authority to do the deed.

If it found enough systems, it'd find enough that have vulnerable programs that it could spread, and get around the Internet.

I don't intend to do this, mind you. (Sorry, Aaron!) but it should be possible to do it... It's not really that hard when you think about it.
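Seen from the administrator's side, the scenario in this message depends on stream-file executables (PASE binaries, Java classes, scripts) that someone other than their owner can overwrite or swap out. The audit below is an added example, not part of the original post; it assumes it is run locally over an IFS directory tree and judges only POSIX mode bits, so IBM i private authorities and authorization lists are outside its view.

```python
import os
import stat
import sys

# Assumption: only POSIX mode bits are examined, not IBM i private authorities.
# Leading bytes of stream files that execute when invoked (none is a *PGM object).
MAGIC = {
    b"\xca\xfe\xba\xbe": "java-class",
    b"\x01\xdf": "xcoff32",  # 32-bit XCOFF, the AIX/PASE binary format
    b"\x01\xf7": "xcoff64",  # 64-bit XCOFF
    b"#!": "script",         # shell and other interpreted scripts
}
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for anyone but the owner

def classify(path, mode):
    """Label a file by its leading bytes, falling back to the execute bits."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        head = b""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "exec-bit" if mode & 0o111 else None

def audit(root):
    """Return sorted (path, kind, reason) for executable content a non-owner can replace."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # A writable directory without the sticky bit lets a non-owner rename a
        # file and put a substitute in its place, whatever the file's own mode.
        dir_loose = bool(dmode & LOOSE) and not dmode & stat.S_ISVTX
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue
            kind = classify(path, mode)
            if kind is None:
                continue
            if mode & LOOSE:
                findings.append((path, kind, "file-writable"))
            elif dir_loose:
                findings.append((path, kind, "dir-writable"))
    return sorted(findings)

if __name__ == "__main__":
    for path, kind, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:14} {kind:11} {path}")
```

Anything it reports under a directory that is also exported as a file share is worth tightening first, since that is the write path the message relies on.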



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
