Bypassing SRP

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Go down

Re: Bypassing SRP

Post by p2u on 23/12/2010, 19:10

ssj100 wrote:you'll need to tweak the Registry Key that p2u suggested - unfortunately, it doesn't seem to work for me. Can anyone work it out?
I think I probably suggested the wrong key (no Office 2003 available; we work with OpenOffice). Please have a look at this MS article:
The security level is reset to its original level after a user changes the security level in an Office 2003 program
This would suggest that users cannot change the security level set by the admin. Go into your admin account and set the level there to 'High' or 'Very high' and set the registry keys as indicated in the article. Then go back to your limited account and try the exploit. I really hope it works! Smile
Also, it would be interesting to see what happens when you set the 'My computer' security zone to 'High' (Control Panel - Browser settings - Security).

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by p2u on 23/12/2010, 22:16

ssj100 wrote:However, it doesn't excuse it from not operating at the kernel level to prevent the exploit paths "cdman83" suggested
If the design is NOT TO CATCH CODE RUNNING IN MEMORY, then there may not be much difference. I wouldn't be surprised if App Locker works the same. Yes, the code is different, but that doesn't mean so much. I'm pretty confident that no escalation exploit is needed to bypass it. That's why I would insist that nobody but the the sysadmin determine where the macro or any other proposed means of bypassing SRP/App Locker comes from (the fact that it is signed is in itself obviously not enough), what it does and who is allowed to run and modify what on the workstation. If there's an insider in the company (even with limited user rights) who knows the tricks of the trade, then the company will be in big trouble.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 00:13

p2u wrote:
ssj100 wrote:you'll need to tweak the Registry Key that p2u suggested - unfortunately, it doesn't seem to work for me. Can anyone work it out?
I think I probably suggested the wrong key (no Office 2003 available; we work with OpenOffice). Please have a look at this MS article:
The security level is reset to its original level after a user changes the security level in an Office 2003 program
This would suggest that users cannot change the security level set by the admin. Go into your admin account and set the level there to 'High' or 'Very high' and set the registry keys as indicated in the article. Then go back to your limited account and try the exploit. I really hope it works! Smile
Also, it would be interesting to see what happens when you set the 'My computer' security zone to 'High' (Control Panel - Browser settings - Security).
Okay, thanks p2u. From the information you've given, I've worked out how to prevent Limited Users changing the Macro Security level in Microsoft Office 2003 (for Excel):
1. Go into Admin account
2. Navigate to this registry key:
(HKCU)\SOFTWARE\Microsoft\Office\11.0\Excel\Security
Note that "(HKCU) = HKEY_USERS", and you'll need to work out the SID of your Limited User Account
3. Right click on "Security"
4. Click "Permissions..."
5. Click on your Limited User Account "user name"
6. Click "Advanced"
7. Click on your Limited User Account name
8. Click "Edit"
9. Click the Deny checkbox for "Set Value" (thus preventing Limited Users changing the value of the Macro Security level)

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 00:16

Let's get back to the exploit. Did you check with something like Process Explorer what is really happening? I think when you click the exe AFTER you run the Macros, you are not actually launching a new process, but just showing the window of what is already running in memory. That's why SRP doesn't react; it doesn't monitor code in memory.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 00:19

p2u wrote:Also, it would be interesting to see what happens when you set the 'My computer' security zone to 'High' (Control Panel - Browser settings - Security).
How do I find this on Windows XP?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 00:22

ssj100 wrote:
p2u wrote:Also, it would be interesting to see what happens when you set the 'My computer' security zone to 'High' (Control Panel - Browser settings - Security).
How do I find this on Windows XP?
Control Panel (Classic view) - Browser settings. Those are the settings for IE, but the 'My Computer' Zone in the Security tab applies to your local workstation. You see: IE is an extension of explorer.exe actually, and your computer is just a location in the WWW. Wink

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 00:26

p2u wrote:Control Panel (Classic view) - Browser settings. Those are the settings for IE, but the 'My Computer' Zone in the Security tab applies to your local workstation. You see: IE is an extension of explorer.exe actually, and your computer is just a location in the WWW. Wink
I can't seem to find "Browser settings".

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 00:35

p2u wrote:Let's get back to the exploit. Did you check with something like Process Explorer what is really happening? I think when you click the exe AFTER you run the Macros, you are not actually launching a new process, but just showing the window of what is already running in memory. That's why SRP doesn't react; it doesn't monitor code in memory.
Just checked it with Process Explorer and after I run the Macro (on the desktop), no new processes are spawned. However, I am now able to run any executable from the desktop. It appears I can run them from most places under C:\Documents and Settings\UserAccountName\, and also I can run them from another drive.

However, when I run the exe, I can see that a new process is indeed spawned. This is why it feels to me like SRP has been directly "disabled" and not just "bypassed" - I can download or copy any new executable file on to eg. the desktop and run it.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 01:21

ssj100 wrote:I can't seem to find "Browser settings".
Probably 'Internet options'? My Windows is in Russian. Wink
You can also access these settings by opening IE - Tools - Internet Options. Look for the security tab. If everything is OK, then there should be 5 zones. The 5th one (Zone 0 in the registry) is the My Computer zone.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 01:24

p2u wrote:
ssj100 wrote:I can't seem to find "Browser settings".
Probably 'Internet options'? My Windows is in Russian. Wink
You can also access these settings by opening IE - Tools - Internet Options. Look for the security tab. If everything is OK, then there should be 5 zones. The 5th one (Zone 0 in the registry) is the My Computer zone.

Paul
Thanks, I don't seem to have 5 zones, only 4 - there's no "My Computer" zone. Why would this be?

EDIT: never mind:
http://support.microsoft.com/kb/315933

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 01:25

ssj100 wrote:Just checked it with Process Explorer and after I run the Macro (on the desktop), no new processes are spawned. However, I am now able to run any executable from the desktop. It appears I can run them from most places under C:\Documents and Settings\UserAccountName\, and also I can run them from another drive.

However, when I run the exe, I can see that a new process is indeed spawned. This is why it feels to me like SRP has been directly "disabled" and not just "bypassed" - I can download or copy any new executable file on to eg. the desktop and run it.
Wow! That sounds like really serious. Sad
P.S.: And what happens AFTER you log out and log back in? SRP still disabled?

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 01:38

By the way, "My Computer Zone" is set at the "High" security level by default.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 01:43

p2u wrote:And what happens AFTER you log out and log back in? SRP still disabled?
No, once I do that (or restart the system), SRP is back working.

I think you're right to some extent regarding the concept of "loading into memory":
http://blog.didierstevens.com/2008/06/25/bpmtk-bypassing-srp-with-dll-restrictions/
The trick is to call WriteProcessMemory directly from within the script to disable SRP.
The effect of these 2 WriteProcessMemory calls is to patch advapi32.dll inside the Excel process, thereby disabling SRP so that the embedded DLL is allowed to load (of course, now that SRP is disabled for Excel, I can also just start another program).
Also, it sounds like the DLL is allowed to load (and do remember I always enable SRP with DLL white-listing). I suppose given the DLL is allowed to load at all (regardless of the fact that it loads via an Excel Macro) directly means that SRP is being bypassed.

My theory is that if SRP worked at the kernel level (like AppLocker), advapi32.dll (working at the kernel level) would not be able to be "patched" as a Limited User, as it would mean requiring access to the kernel. That's why I was saying if SRP worked at the kernel level, it would be much stronger against exploits.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 02:03

Just found another topic with working shellcode to break applocker (Didier Stevens even participates). From what he says in that topic I would conclude that this is certainly not a vulnerability, it's by design (as I thought, actually):
applocker poc bypass (but no code)
(Post 13: "This is not a vulnerability.")
Makes me wonder whether the kernel protection you propose would actually help... It's again the so-called "binary planting", you know: the Current Directory could be a server in China etc. and the dll is still loaded as trusted.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 02:11

p2u wrote:Just found another topic with working shellcode to break applocker (Didier Stevens even participates). From what he says in that topic I would conclude that this is certainly not a vulnerability, it's by design (as I thought, actually):
applocker poc bypass (but no code)
(Post 13: "This is not a vulnerability.")
Makes me wonder whether the kernel protection you propose would actually help... It's again the so-called "binary planting", you know: the Current Directory could be a server in China etc. and the dll is still loaded as trusted.
I've read that topic, and the title didn't make sense to me - Didier's code bypasses SRP (not AppLocker). I already asked Didier about whether his code would work against AppLocker (this was in a private e-mail exchange about 2 months ago) and he said it would not without the use of a Privilege Escalation Exploit:
http://ssj100.fullsubject.com/t313-bypassing-srp#2509

EDIT: again, I think it all comes down to whether patching advapi32.dll is possible or not - if advapi32.dll operates at kernel level (with SRP), then it cannot be "patched" (to disable SRP) as a Limited User with Didier's code (access to the kernel is denied as a Limited User). But since SRP works at the user space level, his code is successful at disabling it.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 03:02

Just re-read the thread and noted these 2 posts:
http://www.wilderssecurity.com/showpost.php?p=1787333&postcount=25
SRP and AL don't pick up shellcode in memory and on the network interface.

Most AV performs only limited scan of memory (compared to disk scan) and/or network traffic.

HIPS maybe, depends on what it scans.
http://www.wilderssecurity.com/showpost.php?p=1787367&postcount=26
Oh, so you say it's possible to do a staged attack but still keep it in memory only. No idea how that could be done but sure sounds scary.
A few points/musings on this:
1. p2u is right that SRP/AppLocker would not block code running in memory.

2. Therefore SRP/AppLocker would not have to be "disabled" in order to get malicious code running in memory.

3. Given this, perhaps it's possible to attack a system by just running shellcode in memory (eg. an "info stealer" that monitors your keystrokes etc) and not have to write anything to the disk?

4. If this is true, then it makes me even more relieved that I use Sandboxie with the relevant security setup/approach. Also, it makes me wonder if software like DefenseWall, Prevx SafeOnline, SpyShelter, Zemana AntiLogger, KeyScrambler etc would block/mitigate isolated malicious logging shellcode running in memory (meaning it is monitoring your eg. keystrokes without having written anything on the hard-drive) - I suspect they would not.

5. However, I'm pretty sure any Classical HIPS would at least be able to be configured to monitor for such activity (inter-process memory activities etc).

6. Also, it appears my security setup/approach remains the strongest overall form of protection (in my opinion):
a) sandboxing malware threat-gates with start/run/internet access restrictions
b) reliably running all newly introduced files sandboxed by default (eg. using a sandboxed "explorer.exe")
c) following steps 7-9 under "Sandboxie"

7. How come we're not seeing more of this type of malware in-the-wild? Maybe it's extremely difficult to create? Maybe programming such code is not "cost/time-effective" for the malware writers?

8. LUA + SRP/AppLocker remains a very powerful security mechanism in the real-world (nearly 10 years after its initial release).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by Sadeghi85 on 24/12/2010, 03:38

ssj100 wrote:
6. Also, it appears my security setup/approach remains the strongest overall form of protection (in my opinion):
a) sandboxing malware threat-gates with start/run/internet access restrictions
b) reliably running all newly introduced files sandboxed by default (eg. using a sandboxed "explorer.exe")
c) following steps 7-9 under "Sandboxie"

Another good tool is EMET, setting DEP, SEHOP, ASLR etc protection for malware threat-gates(Browser, media player, pdf reader etc) will most likely prevent shellcode execution in memory.

ssj100 wrote:
7. How come we're not seeing more of this type of malware in-the-wild? Maybe it's extremely difficult to create? Maybe programming such code is not "cost/time-effective" for the malware writers?

shellcode execution in memory(in presence of LUA+AppLocker)? I guess that can only be done in targeted attack with state backing.

Sadeghi85
Member
Member

Posts : 66
Join date : 2010-07-22

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 03:45

Sadeghi85 wrote:Another good tool is EMET, setting DEP, SEHOP, ASLR etc protection for malware threat-gates(Browser, media player, pdf reader etc) will most likely prevent shellcode execution in memory.
Yes, I would most definitely be using and recommending that if I was on Vista/7 - after all, it's "Windows Hardening" and I'm a big fan of that. However, "Windows Hardening" mechanisms seem be targeted a lot (except maybe for SRP/AppLocker?), which is why we keep seeing exploits being released for them. For example, it didn't take long for "kernel patch protection" on 64-bit systems to be bypassed.

Sadeghi85 wrote:shellcode execution in memory(in presence of LUA+AppLocker)? I guess that can only be done in targeted attack with state backing.
Not necessarily in the presence of LUA + SRP/AppLocker. From what I can see, the vast majority of malware in-the-wild (all?) requires the user to run some sort of foreign executable that's written on the disk.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 11:19

Some general remarks I'd like to make about good security.

I suspect that technology alone is not going to cut it in the end; the security problem is between our ears, and the solution is quite simple:

1) DO NOT DOWNLOAD CONTENT OF ANY KIND from resources you don't know you can trust. This may include even pictures in your browser cache. In my setup, Default Deny starts with a clean text page on which I allow only elements if they add to the message the author is trying to convey.

2) USE ALTERNATIVES for programs that are most often attacked. Check the settings for those programs, because most of the time the default settings work against you. In Firefox and Opera, for example, it's very interesting to just look through about:config (opera:config) by search terms like 'enable', 'disable', etc. You will find that you might not want this or that feature and then you should definitely disable it. This is not paranoia, just common sense.

3) TRUST is something nobody else but you should define. I would certainly not rely on in-the-cloud reputation services of any kind. The file (and site) reputation is too often built on the opinions of ordinary users and can thus be manipulated. Signatures are mostly based on money (500 dollars I believe for one regular signature) and cannot be regarded as a reliable security parameter.

4) When all else has failed, be sure to have other default deny mechanisms in place. Do not allow more outgoing traffic in your firewall than strictly necessary by setting the rules (do not rely on HIPS). This may be your best way to protect your computer.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 11:36

Excellent points p2u! Perhaps one point that you missed out was backing up - I make at least monthly byte for byte system images and ensure I back up large (eg. video) and important files on external isolated drives.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 11:50

ssj100 wrote:Excellent points p2u! Perhaps one point that you missed out was backing up - I make at least monthly byte for byte system images and ensure I back up large (eg. video) and important files on external isolated drives.
Here I go again, not agreeing with you. Very Happy
Backup is not really a preventive measure. When you need it, it just means that somehow your policies have failed and you are in for similar trouble in the future. Besides, you can never say for sure that your backup is clean. Therefore, 'reflatten and rebuild' may turn out to be your only option. Believe it or not, but in my work (I mainly clean out infected computers) I have seen cases in which even backup fails. What's even worse: deep formatting may not be enough in some cases. Sad

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 12:20

Haha, of course you agree with me - you're just making some other important points. In saying that, your response was not entirely appropriate to what I wrote. Your response would have been more appropriate if I wrote something like "backing up is completely a preventive measure and is all you ever need to be 100% safe" - I never said that, nor did I even remotely imply it.

I mean, the world may end tomorrow, but does that mean we don't bother saving money? Of course not.

But yes, I understand where you're coming from - I completely agree that backing up is not really a preventive measure, but I just wanted to point out that it's an extremely important process to carry out. It's funny that you've responded the way you did though - I remember I posted on Wilders (before I got permanently banned without warning/reason) an almost identical response to someone saying that backing up is the most important security measure - I completely disagreed with him. However, as I've said before, you can argue anything in life.

One aspect of your comments I don't quite agree with is the implication that backing up can fail frequently. Perhaps that's putting words in your mouth, but if the average reader read what you wrote above, they'd probably not bother backing up or learning how to make a byte for byte system image - that would be a bad outcome.

My advice is, once you've freshly installed Windows, configured all the settings you like, installed all the important programs/drivers and the latest updates, you should then make a byte for byte system image - I call this my "Baseline" image (and it's clean for sure). This should be stored away on an isolated external hard-drive and left alone. In this way, if your computer gets hosed, you can always just load up that image - trust me, this is much faster than doing everything from scratch - just updating Windows itself can take at least 30 minutes to an hour in my experience, and often you'll forget the various settings you had before (I'm actually quite pedantic about that and have made notes just in case haha), among other things.

With regards to not knowing if your back up image is clean for sure, that's true, but not really the point. The point is to make regular byte for byte image back ups as well as separate frequent back-ups of important files. This is so that you can always revert to the last clean image or restore files that would have otherwise taken a long time to obtain again.

In saying all that, realistically for me, I'm more worried about primary hard-drive failure and losing information that way - that's the main reason I back up on to external isolated hard drives. If my current hard drive fails, I won't be fretting too hard haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 12:32

'ALWAYS' and 'NEVER' are just extremes. I'm, of course, talking about more or less targeted attacks. The average not too reckless person may sleep tight and just do his or her thing, don't worry. Wink

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by ssj100 on 24/12/2010, 12:46

Of course, but even the "average not too reckless person" will have eg. backed up important family photos etc, or at least they should (that is, have more than one copy on at least 2 separate data storing devices). One can never know exactly when the hard drive will suddenly die, a five year old child "accidentally" deletes data when you're not looking/supervising, or a virus slips through and formats C:\.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Bypassing SRP

Post by p2u on 24/12/2010, 15:14

ssj100 wrote:Of course, but even the "average not too reckless person" will have eg. backed up important family photos etc, or at least they should (that is, have more than one copy on at least 2 separate data storing devices).
Sure! Just don't rely on automated technology to save your [insert body part here]; do it yourself immediately after the files have been created successfully, or you might get burned when you're expecting it least...

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Bypassing SRP

Post by Sponsored content


Sponsored content


Back to top Go down

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum