mIRC Home    About    Download    Register    News    Help

Print Thread
Page 1 of 2 1 2
P
peracchi
peracchi
P
Hi everbody!

I wish to know how to prevent mIRC to access windows registry.

I have a cybercafe and people is using mIRC to stole registry informations, as for example, game and applications CD-Keys.

A customer show me this code sample that gets Half-Life CD-Keys:

----------
regread {
var %a = regread
.comopen %a WScript.Shell
if !$comerr {
var %b = $com(%a,RegRead,3,bstr,$1-)
var %c = $com(%a).result
.comclose %a
if (%c != $null) return %c
else goto error
}
:error
return error! when reading or key does not exist
}

pegarkey echo -a $regread(HKCU\Software\Valve\Half-Life\Settings\Key)
----------

Best regards,

/Leandro Peracchi

Joined: Oct 2003
Posts: 3,641
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,641
are you locking them from opening the registry in windows as well? (ie. start -> run -> regedit) ? because if not, then it doesnt matter what mirc can/cant do, they can still do it using the windows environment.

if you are, then all i can say is, dont allow the use of such functional irc clients in your cafe

there is a lock, but it does not lock the /comopen commands
you might want to suggest that in the features board, to add a lock to that command as well

Joined: Feb 2003
Posts: 2,737
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,737
You can disable the WScript crap, but I don't recall how.

But yea, if you're going to allow people to run mIRC, you're probably allowing them to download and execute all sorts of files that would compromise your system. If this isn't the case, then simply restrict the creation of any files. If they can't save their script, they can't execute it.

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
M
madewokherd
madewokherd
M
Well, they could load mirc.ini as a script, couldn't they?

P
peracchi
peracchi
P
Hi guys! smile

Regedit is disabled by system policies.

The real problem is the comopen command... :tongue:

Joined: Dec 2002
Posts: 3,015
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,015
Please dont cross post (post the same question in multiple areas). It causes confusion and wont get you more or faster answers. I've deleted the other post since this is the one ppl have replied to

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
Since /comclose cannot (yet) be locked in the Options dialog, the only thing you can do about it is creating a custom alias, comclose { halt }, that will stop ordinary scripts from using this feature.

If you would like to disable Wscript, this page might help. I'm not sure if disabling or uninstalling it will make your browser unable to run scripts too.

Joined: Oct 2003
Posts: 3,641
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,641
this should definitely be a call to Khaled to get /comopen lockable in the next mirc

A
Amar
Amar
A
Hello there

Well, almost three years back while I had to depend on netcafe's for internet access, I came across few software which were customised so that a fellow user will only have limited privilage or access to the workstation or services. I think finding such a software, where access to the registry or control pannel is disabled by the Administrator could help you to achieve what you seek.
BUT I am not so sure whether mIRC will bypass such securities provided by these sort of Administrating software.

Please check the following links for more details.

www.right-fax.com/cafe/Internet-Cafe-Software.htm
www.h2ad.com
www.antamedia.com

All the best

P
peracchi
peracchi
P
Hi everbody! smile

Thanks for the replies.

I hope that soon a new version of mIRC allow us to lock this /com commands and this way increase the security of computers with mIRC.

For now I will follow the tip of Online and see what I get if I disable Windows Scripting Host.

I am afraid of indesirable side effects of doing this in my computers...

I already use a great software for Cyber Cafes called SmartLaunch.

Take a look at http://www.smartlaunch.net/

Best regards and happy new year for everbody!!!

/Leandro Peracchi

P
peracchi
peracchi
P
Hi Online!

I followed the steps in the link you provided to disable Windows Scripting Host but this don“t resolved... frown

That function /comopen stills work... :P

Anyway, thanks for help!

/Leandro Peracchi

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
Yeah you're right... even removal of wscript.exe wouldn't disable the COM object. One thing that worked here is renaming HKEY_CLASSES_ROOT\WScript.Shell to something other than "Wscript.Shell". This makes the object not usable (until you rename it back, that is). This solution doesn't seem to interfere with IE's script parsing abilities, but if you decide to do this, just write down to yourself that you did, because some applications (or scripts) might need it. I don't know...

Joined: Dec 2002
Posts: 1,518
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,518
wouldnt do much good if ppl put older versions on there now would it, it should have had this ability built into the OS for that type of environment adding it now wouldnt really solve any issue

M
madewokherd
madewokherd
M
Well, theoretically, an admin should control what programs are run on there......right?

Joined: Dec 2002
Posts: 1,518
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,518
theory is a nice concept that makes u feel all warm and fuzzy inside, here we deal with facts not theory

M
madewokherd
madewokherd
M
So you're telling me that real admins DON'T decide which programs are run?

Joined: Dec 2002
Posts: 1,518
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,518
no what im tellin u is that windows doesnt really allow real admin control. if it did this would have never ever been an issue at all.

Joined: Jul 2003
Posts: 733
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jul 2003
Posts: 733

P
peracchi
peracchi
P
Hi everbody! smile

I still don't find a solution to this problem... frown

Any other ideas?

Best regards,
/Leandro Peracchi

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
Did you try to rename that registry key? It's a rather safe solution that works here. Once it's done, scripts will not be able to address the Wscript.Shell object and use its capabilities.

P
peracchi
peracchi
P
Hi Online! smile

No, I didn't tried to rename that registry key...

I am afraid of that other programs stop to work correctly.

Are you using this solution? Do you see if another program stops to work?

Thanks again for the quick response!

Best regards,
/Leandro Peracchi

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
Look, Wscript is an optional part of the Windows, so nothing is supposed to crash if you disable it (fully or partially). I don't think the COM object is widely used by applications. When I browsed the web I noticed that it's only used by some VB Scripts (*.vbs) and particular server-side ASP applications (theoretically every programming language with COM interface can use it).

So... feel free to rename the key to anything else you'd want, and if (in the worst case) a program complain about a missing Wscript object, you'll always be able to rename it back. I see no danger in doing it, and at least when I did myself nothing went wrong.

I hope this answered your questions, and if anyone feels like correcting me, please do so. Good luck! smile

Joined: Nov 2003
Posts: 2,321
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,321
just out of curiosity, where the hell did you learn so much about COM objects? (this is directed at querty too)

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
When I found a name of an interesting COM object that might become useful (for example, Word.Application; Microsoft.XMLHTTP; ADOX.Catalog), I used google to search for its name. That's now I learned (or not) about possible ways to use it.

Microsoft's Ole Viewer allows you to browse through the objects you have on your PC and reveal their methods and properties.

This is what I did, but qwerty might have something to add laugh

P
peracchi
peracchi
P
Hi guys! smile

I just followed the Online tip.

Will do some tests to see if I detect some problem.

If something goes wrong, I return to give you a feedback.

Best regards,
/Leandro Peracchi

Joined: Nov 2003
Posts: 2,321
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,321
i just searched the whole thing and certain objects i _know_ are on my pc weren't listed, including: MAPI.Session, WScript.Shell and WinHTTP5.1.dll frown

Joined: Dec 2002
Posts: 1,893
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,893
Google should return a few results for every object, including pieces of code from which you can get ideas. However this is what I can add:

WScript.Shell - Get Wscript's documentation here.

MAPI.Session - If it's identical to MSMAPI.* objects, this example might become useful.

WinHTTP5.1.dll - What you are looking for is "WinHttp.WinHttpRequest.5.1", but keep in mind that this object only exists on some WinXP systems, so don't expect scripts that depend on it to work everywhere. Instead, use "Microsoft.XMLHTTP"

Joined: Nov 2003
Posts: 2,321
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,321
thankyou for the mapi.session link, ive been wondering how to send emails WITH attachments for a while, ty smile

Joined: Apr 2003
Posts: 426
N
Fjord artisan
Offline
Fjord artisan
N
Joined: Apr 2003
Posts: 426
Your problem isn't with mIRC so to speak, but with the lack of security policies in your OS environment.

If you are using Windows 2000 or Windows XP Pro as the OS for these machines, you are better off using Group Policies to disable registry access to users.

Be careful, however.

Page 1 of 2 1 2

Link Copied to Clipboard