
Thread: WindSLIC boot CD

  1. #1
    MDL Addicted nononsence
    Join Date: 18 Aug 2009
    Posts: 810

    WindSLIC boot CD

    Last edited by nononsence; 15 Jul 2011 at 12:05.

  2. #2
    MDL Addicted nononsence

    bug fix, code cleanup

  3. #3
    MDL Expert Phazor
    Join Date: 02 Sep 2009
    Posts: 1,145

    Hi there nononsence,

    I had a look at your first script a couple of days ago and I thought it was very functional. Definitely unprecedented speed as far as drive-finding goes, as the right drive is being found instantly after code execution.

    However, with this latest package I get a virus warning for Form1.vb upon unpacking:

    HTML/ADODB.Exploit.Gen

    I assume this is because of this line:

    Dim objOStream = CreateObject("ADODB.Stream")

    Since the same will obviously happen on other people's computers you might want to use some other method here, otherwise they might think it's actually malware...

  4. #4
    MDL Addicted nononsence
    Last edited by nononsence; 04 Sep 2009 at 06:54.

  5. #5
    MDL Addicted nononsence

    Changes to a wait cursor during key install, progress bar works better now.

  6. #6
    MDL Expert Mr Jinje
    Join Date: 19 Aug 2009
    Posts: 1,773

    Maybe try declaring "ADODB.Stream" as a string variable and pass that variable to the CreateObject line. That may alter the heuristics (or it may not). Obviously the laziness at that particular virus company is just to assume all ADODB connections are bad.

    Dim strADO = "ADODB.Stream"
    Dim objOStream = CreateObject(strADO)

    Be curious to know if they catch that.

  7. #7
    MDL Addicted nononsence

    Quote: Originally posted by Mr Jinje
        Maybe try declaring "ADODB.Stream" as a string variable and pass that variable to the CreateObject line. That may alter the heuristics (or it may not). Obviously the laziness at that particular virus company is just to assume all ADODB connections are bad.

        Dim strADO = "ADODB.Stream"
        Dim objOStream = CreateObject(strADO)

        Be curious to know if they catch that.

    We have a winner, that one passed VirusTotal.

    Edit

    When I uploaded the whole form1.vb it got 2 hits again.
    Last edited by nononsence; 04 Sep 2009 at 10:33.

  8. #8
    MDL Expert Mr Jinje

    Quote: Originally posted by nononsence
        we have a winner, that one passed virus total.

    It seems if you create a text, gif, tiff, jpg file which exceeds a certain buffer size and import via Server.CreateObject("ADODB.Stream") you gain administrator rights over IE6,7,8. AKA the buffer exploit.

  9. #9
    MDL Addicted nononsence

    Quote: Originally posted by Mr Jinje
        It seems if you create a text, gif, tiff, jpg file which exceeds a certain buffer size and import via Server.CreateObject("ADODB.Stream") you gain administrator rights over IE6,7,8. AKA the buffer exploit.

    So it's a server side thing, that explains why when I name it to form1.txt it passes.

  10. #10
    MDL Expert Phazor

    I did some checking; for the ADODB alarm to be triggered these code bits have to be present in the script:

    Code:
    Dim CreateObject("ADODB.Stream")
    
    file.exe
    
    .Open
    
    .SaveToFile

    If any of these lines/parameters are removed then the alarm is not being triggered anymore...
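
The co-occurrence check described in post #10, as an added example that is not part of the thread and is not any antivirus vendor's actual signature: the Python below flags a script only when all four code bits are present, and resolves a ProgID handed to CreateObject through a string variable (the form from post #6) before matching. The function names and the three sample scripts are constructed for illustration.

```python
import re

# Constructed VB samples built from the fragments quoted in the thread.
LITERAL = ('Dim objOStream = CreateObject("ADODB.Stream")\n'
           'objOStream.Open\n'
           'objOStream.SaveToFile("file.exe")\n')
VARIABLE = ('Dim strADO = "ADODB.Stream"\n'
            'Dim objOStream = CreateObject(strADO)\n'
            'objOStream.Open\n'
            'objOStream.SaveToFile("file.exe")\n')
NO_SAVE = LITERAL.replace('objOStream.SaveToFile("file.exe")', 'Dim target = "file.exe"')

# name = "literal" assignments, with or without Dim / As String.
STR_ASSIGN = re.compile(
    r'^[ \t]*(?:Dim[ \t]+)?(\w+)(?:[ \t]+As[ \t]+String)?[ \t]*=[ \t]*"([^"]*)"[ \t]*$',
    re.I | re.M)
# CreateObject("literal") or CreateObject(identifier); also matches Server.CreateObject.
CREATE = re.compile(r'CreateObject\(\s*("([^"]*)"|\w+)\s*\)', re.I)

def created_progids(src):
    """Return lower-cased ProgIDs passed to CreateObject, resolving string variables."""
    consts = {name.lower(): value for name, value in STR_ASSIGN.findall(src)}
    progids = set()
    for arg, literal in CREATE.findall(src):
        value = literal if arg.startswith('"') else consts.get(arg.lower(), "")
        progids.add(value.lower())
    return progids

def indicators(src, resolve=True):
    """Evaluate the four code bits; resolve=False matches the literal call only."""
    low = src.lower()
    if resolve:
        stream = "adodb.stream" in created_progids(src)
    else:
        stream = 'createobject("adodb.stream")' in low
    return {"adodb_stream": stream,
            "exe_name": '.exe"' in low,
            "open": ".open" in low,
            "save_to_file": ".savetofile" in low}

def alarm(src, resolve=True):
    """Raise the alarm only when every indicator is present, as post #10 reports."""
    return all(indicators(src, resolve).values())

if __name__ == "__main__":
    for name, src in (("literal", LITERAL), ("variable", VARIABLE), ("no_save", NO_SAVE)):
        print(name, alarm(src, resolve=False), alarm(src, resolve=True))
```

With `resolve=False` the check only sees the literal `CreateObject("ADODB.Stream")` call; with the default `resolve=True` the variable form is matched as well, while a script missing any one of the four indicators is not flagged.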
