Restricting the Command Line: Could This Work?

Discussion in 'other security issues & news' started by Ranget, May 4, 2012.

Thread Status:
Not open for further replies.
  1. Ranget

    Found this trick on one of the forums.

    Anyway, it suggests that you disable the CMD by administrative right to protect against hacking. Could this work, or is it just useless?
     
  2. Tyrizian

    You could always restrict permissions by right clicking on CMD, selecting properties and then selecting the security tab. From there you can Allow or Deny permissions for system and your user account. If you deny, you can always revert back to allow if you need to.

    Or...

    You can lock down CMD through group policy.

    In theory, setting restrictions for CMD should deny access to attacks accessing CMD as well.

    If you deny all permissions, CMD won't run at all. But you do have options here, you can also deny access in certain areas: Modify, Read & Execute, Read, Write

    What version of Windows are you running?
     
    Last edited: May 5, 2012
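
A read-only way to check which of the two restrictions described in the post above is actually in place on a machine, as an added example that is not part of the thread. It assumes the group policy in question is "Prevent access to the command prompt", stored per user as the `DisableCMD` registry value; the function names are hypothetical.

```powershell
# Added example (not from the thread). Read-only: it reports and changes nothing.
# Run from a 64-bit PowerShell; a 32-bit host sees System32 redirected to SysWOW64.

function Get-CmdExecuteDeny {
    # On 64-bit Windows a second, 32-bit cmd.exe sits in SysWOW64 with its own ACL,
    # so a Deny entry on one copy does not cover the other.
    $paths = 'System32\cmd.exe', 'SysWOW64\cmd.exe' |
        ForEach-Object { Join-Path $env:SystemRoot $_ } |
        Where-Object { Test-Path $_ }
    $execute = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
    foreach ($path in $paths) {
        $acl  = Get-Acl -Path $path
        # Keep only Deny entries whose rights include execute.
        $deny = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            (([int]$_.FileSystemRights -band $execute) -ne 0)
        } | ForEach-Object { $_.IdentityReference.Value })
        New-Object PSObject -Property @{
            Path             = $path
            Owner            = $acl.Owner
            ExecuteDeniedFor = $deny -join ', '
        }
    }
}

function Get-CmdPolicyState {
    # Assumption: the policy is per-user and stored as the DWORD DisableCMD.
    $key  = 'HKCU:\Software\Policies\Microsoft\Windows\System'
    $item = Get-ItemProperty -Path $key -Name DisableCMD -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'DisableCMD not set: cmd.exe allowed by policy' }
    if ($item.DisableCMD -eq 1) { return 'cmd.exe and batch files blocked' }
    if ($item.DisableCMD -eq 2) { return 'cmd.exe blocked, batch files still run' }
    return "DisableCMD = $($item.DisableCMD): not a blocking value"
}

Get-CmdExecuteDeny | Format-List Path, Owner, ExecuteDeniedFor
Get-CmdPolicyState
```

An empty `ExecuteDeniedFor` means no account is denied execute on that copy of cmd.exe. Both controls bind only accounts that cannot change the ACL or the policy key.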
  3. CloneRanger

    Hi, yes definitely.

    I have it blocked with ProcessGuard, but other HIPS etc. should be able to also.

    [Attached image: cmd pg.gif]

    If I try to run it without temporarily allowing it, I get this:

    [Attached images: cmd.gif, pg.gif]
     
  4. Ranget

    Win7 x64

    But is it good at defending against Metasploit-like attacks?

    The question remains how to stop CMD: by using HIPS or group policy?

    Isn't group policy bypassed by escalation of privileges? If so, then the HIPS is better.

    Or is using an anti-executable better? Or will it protect against those kinds of attacks in the first place?
     
  5. noone_particular

    I can't speak for how well it works on Win7 or 64 bit, but on XP and older I block user mode access to command line via classic HIPS. With Win 7 and 64 bit restricting how much kernel access HIPS can have, the control might not be as complete. The only way to know for sure is to test it.
     