Home
Certification Preparation
Microsoft
MCTS / MCITP on Windows 2008 General
Active Directory - Software Distribution hash rules
longhorn79
Hello All,
I was wondering how does someone get by a hash rule for certain .exe files from running. I figured the only way was to have an updated file to be able to bypass the security policy. I was online and i found this snippet of information.
First, create a text file in the directory of the restricted file. Next open up a command prompt, and cd into the directory of the restricted file. Then run the following command, “copy /B restricted_exe.exe + text_file.txt new_exe.exe” The result will be a slightly larger executable with a different hash from the original. That's it you're done, it's that easy.
The question i have does anyone have any ideas or can verify this would work.
Thanks
Find more posts tagged with
Comments
Zartanasaurus
Just tried this and it works.
Coolhandluke
This is correct. Changing a single byte will result in a different hash. I would simply open an executive in a hex editor and change a letter in a printable string
Save and done.
jmritenour
Which is also why explicitly denying an exe by hash isn't a great idea, it's extremely easy to get around.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
