At work I’m running as an unprivileged user on a Windows Domain. This means I don’t have the full admin access I’m used to, but due to my recent complaints I have been given slightly more access. As usual I like to explore the limits of security and develop workarounds for my limited access.
Because of the admin lockout I was unable to install firefox, which I wanted to use because the local copy of internet explorer 8 would often freeze when encountering flash objects that caused it to cough. Eventually I caved and downloaded the client, asking the boss to install it with his credentials. He told me to run it until it asked for credentials then he would come by and enter them.
I ran it, then because I wanted to see what I could do, hit no, on the user elevation prompt. Bing! I was able to install firefox. I was a little confused but assumed that it must be under a specified list of approved software that was stored on the network.
I moved on. To my surprise I found I had the ability to add add-ons to my copy of firefox. I decided to add firesheep which is a useful tool for session hi-jacking. (I will write on firesheep and countermeasures later) Being a non-official firefox add-on I couldn’t just download it from the add-on manager. Going to the site I downloaded the xpl file.
Now as the file type wasn’t set for this file I couldn’t just load it straight into firefox and I got the open with dialogue.
Not knowing where firefox was I tried to figure out where the process was located. I dived into the cmd prompt utilizing the wmic command to export a list of the processes. Voilla! I had the filepath to where firefox was and I could install the plugin.
Sadly enough, I forgot about the simple task manager view. You can change the columns to add the Command line column which will also list the path, but if group policy won’t allow access to task manager then maybe you can use the command line.
There is another command line you can use, tasklist, however it doesn’t display the working path of the file.