Archive for September, 2010

Cheating Windows

I just started work in a multi national firm as a consultant. They gave me a windows desktop with very fast internet connection but with no access to some things. I can’t install anything on the system, I can’t download, although I can open directly from the web page. So if the file is exe, I am out of luck, but a text file, or any other file that could be opened by the limited amount of softwares installed on the system would do.

Well I really don’t need to install much on the system, although it is a pain most times that I can’t. What I will really like is to use gmail(I can’t) download, visit twitter and/or facebook(YESSSS I can’t too) etc. But downloading with the crazily fast internet speed tops my list of stuffs I would like to do on the system. But the administrators made one mistake, the installed outlook on the system.

This is my steps to download stuffs from the internet using outlook.

1. First you need psftp and putty, both doesn’t require install, so they run,
2. A remote ssh shell.
3. Create a file with the extension you want to download, e.g if I want to download a dmg file, I create something like cheat.dmg on the remote server using putty
4. I download the file using psftp
5. I open the file with outlook and set outlook to be the default program for opening such files. Outlook automatically see it as an attachment
6. I open the url, and instead of save, I chose open on the dialog box of Internet Explorer.
7. IE downloads the file and opens it with outlook, I simply right click on the file in outlook and chose save as.
8. I saved it on the desktop, and then transfer to my mac using flash disk.

So far I have not downloaded the internet, but I am soon going to do it. 😉

This exploit is fairly simple, I wonder if there are other exploits to help me visit those sites (yes, I tried all those proxy sites, they blocked them too) and also Install stuffs on the box even without the useless Admin rights.

Comments (7)