Vulnerability in access manager software on library computers


CryptoNerd
Sea Gull

Joined: 13 Jan 2016
Age: 1934
Gender: Male
Posts: 229
Location: The bash shell

21 May 2016, 10:58 am

I found a vulnerability in the library's access manager software that they use for their computers. The software is supposed to require a login using your library card number and PIN number, and it limits your time using the computers to an amount of time set by the library admins. I found a way to bypass the access manager and log in for an unlimited amount of time. I found that if you push the power button, a dialogue box comes up that tells you the access manager is running and asks you if you want to stop it. If you click the Cancel button, it cancels both the shutdown and the access manager software, allowing you to log in indefinitely and without any sort of authentication information. Not only does this exploit give you unlimited access to the library computers; it also allows you to log in anonymously, which provides a great defense against things like doxing on the Internet.

So I'm just wondering if anyone is familiar with this kind of software, and if they could enlighten me as to why this exploit works, because I would like to understand it better. I discovered it by accident, and I don't completely understand it, and I'm very curious. I've already tried Google, but I can't find any information on this topic.



Edenthiel
Veteran

Joined: 12 Sep 2014
Age: 56
Gender: Female
Posts: 2,820
Location: S.F Bay Area

23 May 2016, 1:43 am

Some years back, the company I work for used either autoit or shutdown manager (or both?) and I happened to have this page saved for some reason that is lost to time. At the time, I didn't realize just how interesting the function posted by ProgAndy was...anyway, this should explain what is happening:

https://www.autoitscript.com/forum/topic/96109-mimic-this-shutdown-blocker-via-autoit/


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


somebody300
Blue Jay

Joined: 8 May 2016
Age: 28
Gender: Male
Posts: 93
Location: France

23 May 2016, 5:46 pm

CryptoNerd wrote:
I found a vulnerability in the library's access manager software that they use for their computers. The software is supposed to require a login using your library card number and PIN number, and it limits your time using the computers to an amount of time set by the library admins. I found a way to bypass the access manager and log in for an unlimited amount of time. I found that if you push the power button, a dialogue box comes up that tells you the access manager is running and asks you if you want to stop it. If you click the Cancel button, it cancels both the shutdown and the access manager software, allowing you to log in indefinitely and without any sort of authentication information. Not only does this exploit give you unlimited access to the library computers; it also allows you to log in anonymously, which provides a great defense against things like doxing on the Internet.

So I'm just wondering if anyone is familiar with this kind of software, and if they could enlighten me as to why this exploit works, because I would like to understand it better. I discovered it by accident, and I don't completely understand it, and I'm very curious. I've already tried Google, but I can't find any information on this topic.


This exploit works probably because the person who programmed the software didn't handle the WM_ENDSESSION message properly. They should have created a Windows hook which would handle that message via SetWindowsHookEx. Although, I might be wrong.
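
A portable C model of the session-end message handling discussed in this thread, added here as an illustration and not taken from any post or from the access manager itself. It assumes the bug is that the software drops its lock as soon as a shutdown is requested; `Kiosk`, `handle_buggy`, `handle_hardened` and `lock_survives_shutdown` are hypothetical names, while the two message numbers are the real values from winuser.h.

```c
/* Added example: a model that builds without <windows.h>. */
#include <stdbool.h>
#include <stdio.h>

#define WM_QUERYENDSESSION 0x0011  /* "may the session end?" */
#define WM_ENDSESSION      0x0016  /* wParam TRUE: ending; FALSE: shutdown was cancelled */

/* locked == the login and time limit are still being enforced */
typedef struct { bool locked; } Kiosk;

/* Assumed buggy behaviour: treats the shutdown *request* as the end of
 * the session and tears the lock down without looking at wParam. */
static void handle_buggy(Kiosk *k, unsigned msg, bool wparam) {
    (void)wparam;
    if (msg == WM_QUERYENDSESSION || msg == WM_ENDSESSION)
        k->locked = false;
}

/* Hardened behaviour: keep enforcing until Windows confirms the session
 * really is ending, i.e. WM_ENDSESSION arrives with wParam TRUE. */
static void handle_hardened(Kiosk *k, unsigned msg, bool wparam) {
    if (msg == WM_ENDSESSION && wparam)
        k->locked = false;
}

typedef void (*Handler)(Kiosk *, unsigned, bool);

/* Replays the two messages a top-level window receives around a shutdown
 * request. user_cancels models clicking Cancel on the blocking dialog.
 * Returns true if the lock is still enforced afterwards. */
static bool lock_survives_shutdown(Handler h, bool user_cancels) {
    Kiosk k = { true };
    h(&k, WM_QUERYENDSESSION, false);     /* wParam is unused for this message */
    h(&k, WM_ENDSESSION, !user_cancels);  /* FALSE when the shutdown was cancelled */
    return k.locked;
}

int main(void) {
    printf("buggy,    Cancel clicked: locked=%d\n",
           lock_survives_shutdown(handle_buggy, true));
    printf("hardened, Cancel clicked: locked=%d\n",
           lock_survives_shutdown(handle_hardened, true));
    printf("hardened, real shutdown:  locked=%d\n",
           lock_survives_shutdown(handle_hardened, false));
    return 0;
}
```

In a real Win32 window procedure the same test is `msg == WM_ENDSESSION && wParam`, and on Windows Vista and later `ShutdownBlockReasonCreate` supplies the text shown on the blocking screen.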