Active Directory - Software Distribution hash rules
longhorn79
Member Posts: 48
Hello All,
I was wondering how someone gets past a hash rule that keeps certain .exe files from running. I figured the only way was to have an updated file to be able to bypass the security policy. I was online and I found this snippet of information.
First, create a text file in the directory of the restricted file. Next, open up a command prompt and cd into the directory of the restricted file. Then run the following command: “copy /B restricted_exe.exe + text_file.txt new_exe.exe”. The result will be a slightly larger executable with a different hash from the original. That's it, you're done, it's that easy.
The question I have: does anyone have any ideas, or can anyone verify this would work?
Thanks
2012/2013 Certification Goals:
ICND1: Work in progress
ICND2: depends on ICND1
70-640 AD: if I have time
Comments
Zartanasaurus Member Posts: 2,008
Just tried this and it works.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%
Coolhandluke Member Posts: 118
This is correct. Changing a single byte will result in a different hash. I would simply open an executable in a hex editor and change a letter in a printable string.
Save and done.
[CCENT]->[CCNA]->[CCNP-ROUTE]->[CCNP SWITCH]->[CCNP-TSHOOT]
jmritenour Member Posts: 565
Which is also why explicitly denying an exe by hash isn't a great idea, it's extremely easy to get around.
"Start by doing what is necessary, then do what is possible; suddenly, you are doing the impossible." - St. Francis of Assisi
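
Added example (not written by any poster in this thread): a small Python model of why the replies above call deny-by-hash weak, comparing it with a default-deny rule set that lists approved hashes instead. The byte strings are constructed stand-ins rather than real executables, SHA-256 is an assumed stand-in for whichever hash the policy uses, and the function names are hypothetical.

```python
import hashlib


def file_hash(data: bytes) -> str:
    """Hash of the full file contents (SHA-256 assumed for this model)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample contents, not real programs.
RESTRICTED = b"MZ" + b"\x00" * 64 + b"constructed restricted program"
APPROVED = b"MZ" + b"\x00" * 64 + b"constructed approved program"
# Same bytes with trailing data, as the "copy /B a.exe + b.txt" in the post produces.
PADDED = RESTRICTED + b"contents of text_file.txt"


def deny_by_hash(data: bytes, denied: set) -> str:
    """Default-allow model: only files whose hash is listed are blocked."""
    return "blocked" if file_hash(data) in denied else "allowed"


def allow_by_hash(data: bytes, allowed: set) -> str:
    """Default-deny model: only files whose hash is listed may run."""
    return "allowed" if file_hash(data) in allowed else "blocked"


def evaluate() -> dict:
    """Return {sample: (deny-list verdict, allow-list verdict)}."""
    denied = {file_hash(RESTRICTED)}
    allowed = {file_hash(APPROVED)}
    samples = {
        "restricted": RESTRICTED,
        "padded": PADDED,
        "approved": APPROVED,
    }
    return {
        name: (deny_by_hash(data, denied), allow_by_hash(data, allowed))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    print(f"{'sample':<12}{'deny-list':<12}{'allow-list'}")
    for name, (deny_verdict, allow_verdict) in evaluate().items():
        print(f"{name:<12}{deny_verdict:<12}{allow_verdict}")
```

Under the deny list the padded copy no longer matches the listed hash and is allowed; under the allow list the same change makes the file unknown, so it stays blocked.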