mIRC Home    About    Download    Register    News    Help

Print Thread
Page 1 of 2 1 2
Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi everbody!

I wish to know how to prevent mIRC to access windows registry.

I have a cybercafe and people is using mIRC to stole registry informations, as for example, game and applications CD-Keys.

A customer show me this code sample that gets Half-Life CD-Keys:

----------
regread {
var %a = regread
.comopen %a WScript.Shell
if !$comerr {
var %b = $com(%a,RegRead,3,bstr,$1-)
var %c = $com(%a).result
.comclose %a
if (%c != $null) return %c
else goto error
}
:error
return error! when reading or key does not exist
}

pegarkey echo -a $regread(HKCU\Software\Valve\Half-Life\Settings\Key)
----------

Best regards,

/Leandro Peracchi

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
are you locking them from opening the registry in windows as well? (ie. start -> run -> regedit) ? because if not, then it doesnt matter what mirc can/cant do, they can still do it using the windows environment.

if you are, then all i can say is, dont allow the use of such functional irc clients in your cafe

there is a lock, but it does not lock the /comopen commands
you might want to suggest that in the features board, to add a lock to that command as well


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
You can disable the WScript crap, but I don't recall how.

But yea, if you're going to allow people to run mIRC, you're probably allowing them to download and execute all sorts of files that would compromise your system. If this isn't the case, then simply restrict the creation of any files. If they can't save their script, they can't execute it.

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Sep 2003
Posts: 70
M
Babel fish
Offline
Babel fish
M
Joined: Sep 2003
Posts: 70
Well, they could load mirc.ini as a script, couldn't they?

Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi guys! smile

Regedit is disabled by system policies.

The real problem is the comopen command... :tongue:

Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
Please dont cross post (post the same question in multiple areas). It causes confusion and wont get you more or faster answers. I've deleted the other post since this is the one ppl have replied to


ParaBrat @#mIRCAide DALnet
Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Since /comclose cannot (yet) be locked in the Options dialog, the only thing you can do about it is creating a custom alias, comclose { halt }, that will stop ordinary scripts from using this feature.

If you would like to disable Wscript, this page might help. I'm not sure if disabling or uninstalling it will make your browser unable to run scripts too.

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
this should definitely be a call to Khaled to get /comopen lockable in the next mirc


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Aug 2003
Posts: 18
A
Pikka bird
Offline
Pikka bird
A
Joined: Aug 2003
Posts: 18
Hello there

Well, almost three years back while I had to depend on netcafe's for internet access, I came across few software which were customised so that a fellow user will only have limited privilage or access to the workstation or services. I think finding such a software, where access to the registry or control pannel is disabled by the Administrator could help you to achieve what you seek.
BUT I am not so sure whether mIRC will bypass such securities provided by these sort of Administrating software.

Please check the following links for more details.

www.right-fax.com/cafe/Internet-Cafe-Software.htm
www.h2ad.com
www.antamedia.com

All the best


if it is a door, it will open!
Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi everbody! smile

Thanks for the replies.

I hope that soon a new version of mIRC allow us to lock this /com commands and this way increase the security of computers with mIRC.

For now I will follow the tip of Online and see what I get if I disable Windows Scripting Host.

I am afraid of indesirable side effects of doing this in my computers...

I already use a great software for Cyber Cafes called SmartLaunch.

Take a look at http://www.smartlaunch.net/

Best regards and happy new year for everbody!!!

/Leandro Peracchi

Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi Online!

I followed the steps in the link you provided to disable Windows Scripting Host but this donīt resolved... frown

That function /comopen stills work... :P

Anyway, thanks for help!

/Leandro Peracchi

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Yeah you're right... even removal of wscript.exe wouldn't disable the COM object. One thing that worked here is renaming HKEY_CLASSES_ROOT\WScript.Shell to something other than "Wscript.Shell". This makes the object not usable (until you rename it back, that is). This solution doesn't seem to interfere with IE's script parsing abilities, but if you decide to do this, just write down to yourself that you did, because some applications (or scripts) might need it. I don't know...

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
wouldnt do much good if ppl put older versions on there now would it, it should have had this ability built into the OS for that type of environment adding it now wouldnt really solve any issue


D3m0nnet.com
Joined: Sep 2003
Posts: 70
M
Babel fish
Offline
Babel fish
M
Joined: Sep 2003
Posts: 70
Well, theoretically, an admin should control what programs are run on there......right?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
theory is a nice concept that makes u feel all warm and fuzzy inside, here we deal with facts not theory


D3m0nnet.com
Joined: Sep 2003
Posts: 70
M
Babel fish
Offline
Babel fish
M
Joined: Sep 2003
Posts: 70
So you're telling me that real admins DON'T decide which programs are run?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
no what im tellin u is that windows doesnt really allow real admin control. if it did this would have never ever been an issue at all.


D3m0nnet.com
Joined: Jul 2003
Posts: 742
Hoopy frood
Offline
Hoopy frood
Joined: Jul 2003
Posts: 742


http://MTec89Net.com
irc.freenode.net #MTec89Net
Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi everbody! smile

I still don't find a solution to this problem... frown

Any other ideas?

Best regards,
/Leandro Peracchi

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Did you try to rename that registry key? It's a rather safe solution that works here. Once it's done, scripts will not be able to address the Wscript.Shell object and use its capabilities.

Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi Online! smile

No, I didn't tried to rename that registry key...

I am afraid of that other programs stop to work correctly.

Are you using this solution? Do you see if another program stops to work?

Thanks again for the quick response!

Best regards,
/Leandro Peracchi

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Look, Wscript is an optional part of the Windows, so nothing is supposed to crash if you disable it (fully or partially). I don't think the COM object is widely used by applications. When I browsed the web I noticed that it's only used by some VB Scripts (*.vbs) and particular server-side ASP applications (theoretically every programming language with COM interface can use it).

So... feel free to rename the key to anything else you'd want, and if (in the worst case) a program complain about a missing Wscript object, you'll always be able to rename it back. I see no danger in doing it, and at least when I did myself nothing went wrong.

I hope this answered your questions, and if anyone feels like correcting me, please do so. Good luck! smile

Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,327
just out of curiosity, where the hell did you learn so much about COM objects? (this is directed at querty too)


New username: hixxy
Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
When I found a name of an interesting COM object that might become useful (for example, Word.Application; Microsoft.XMLHTTP; ADOX.Catalog), I used google to search for its name. That's now I learned (or not) about possible ways to use it.

Microsoft's Ole Viewer allows you to browse through the objects you have on your PC and reveal their methods and properties.

This is what I did, but qwerty might have something to add laugh

Joined: Dec 2003
Posts: 7
P
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
P
Joined: Dec 2003
Posts: 7
Hi guys! smile

I just followed the Online tip.

Will do some tests to see if I detect some problem.

If something goes wrong, I return to give you a feedback.

Best regards,
/Leandro Peracchi

Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,327
i just searched the whole thing and certain objects i _know_ are on my pc weren't listed, including: MAPI.Session, WScript.Shell and WinHTTP5.1.dll frown


New username: hixxy
Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Google should return a few results for every object, including pieces of code from which you can get ideas. However this is what I can add:

WScript.Shell - Get Wscript's documentation here.

MAPI.Session - If it's identical to MSMAPI.* objects, this example might become useful.

WinHTTP5.1.dll - What you are looking for is "WinHttp.WinHttpRequest.5.1", but keep in mind that this object only exists on some WinXP systems, so don't expect scripts that depend on it to work everywhere. Instead, use "Microsoft.XMLHTTP"

Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,327
thankyou for the mapi.session link, ive been wondering how to send emails WITH attachments for a while, ty smile


New username: hixxy
Joined: Apr 2003
Posts: 426
Fjord artisan
Offline
Fjord artisan
Joined: Apr 2003
Posts: 426
Your problem isn't with mIRC so to speak, but with the lack of security policies in your OS environment.

If you are using Windows 2000 or Windows XP Pro as the OS for these machines, you are better off using Group Policies to disable registry access to users.

Be careful, however.


--------
mIRC - fun for all the family (except grandma and grandpa)
Page 1 of 2 1 2

Link Copied to Clipboard