Date: Mon, 8 Jul 2013 12:39:18 +0200
From: Fabien DUCHENE <f.duchene@...-online.fr>
To: s3cret.squirell@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Abusing Windows 7 Recovery Process

There may be an Active Directory domain policy which only allows a
configured set of groups/users to be admin of your workstation.
Keep in mind domain policies are applied at startup and periodically.

> Message: 1
> Date: Mon, 1 Jul 2013 15:16:45 +0100
> From: some one <s3cret.squirell@...il.com>
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
> Message-ID:
>         <CA+1kKf460FE0uo7ps780N3f=gFh8G=i0+o1yR5w1uPocZUbVwg@...l.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I tried this out onsite today. Got the cmd.exe as described and added a
> user into the local admin group... Restarted the box, tried to log in as the new
> user, and it isn't there...
>
> Logged in as a legit admin and ran net users and no mention of my created
> account... Weird...
> On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandluke@...lhandluke.org>
> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On 06/29, Grandma Eubanks wrote:
>> > However, I think this is still interesting. It's been a while since I've
>> > played with Windows boxes and won't have access to one for a couple days,
>> > but isn't this triggering off of vendor-supplied recovery partitions? This
>> > is a regular Windows 7 sole-partition box you tried this on?
>>
>> from a first look, i don't think a vendor-supplied recovery partition is
>> necessary. it appears that it would also be possible if the "system
>> restore" setting was enabled (but don't quote me on that).
>>
>> i'm not sure how likely that is in your average large, corporate
>> environment. the ones i've seen have system restore disabled and opt to
>> reimage systems instead when issues occur. i'm sure there are some
>> environments where this could be useful, however.
>>
>> - -chl
>>
>> - --
>> cool hand luke
>>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
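An added illustration of the point Fabien makes above (this is not code from the thread or from any poster): if a Restricted Groups policy pins the membership of the local Administrators group, anything added locally is reverted when computer policy next applies, which by Windows default is at startup and in the background roughly every 90 minutes with a 0-30 minute random offset. The script below compares the current local Administrators membership to an allow-list and shows when computer policy last applied. The allow-list entries (the `CORP\...` groups) are constructed placeholders, not anything the thread mentions; whether an unexpected member is actually removed depends on such a policy existing in your domain.

```powershell
# Added example, not code from the thread. Compares the local Administrators
# group with the membership a Restricted Groups GPO would enforce and reports
# when computer policy last refreshed. The allow-list is a constructed
# assumption; replace it with what your domain policy actually defines.
$Expected = @(
    'Administrator',           # built-in local account
    'CORP\Workstation Admins', # hypothetical domain group
    'CORP\Domain Admins'       # hypothetical domain group
)

function Get-LocalAdministrators {
    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        # Windows 10 / Server 2016 and later. Strip the COMPUTERNAME\ prefix
        # from local accounts so they compare equal to the 'net' output format.
        Get-LocalGroupMember -Group 'Administrators' |
            ForEach-Object { $_.Name -replace "^$([regex]::Escape($env:COMPUTERNAME))\\", '' }
    } else {
        # Windows 7 fallback: parse 'net localgroup' output. Members follow the
        # dashed separator line and end before the 'command completed' line.
        $raw = @(net localgroup Administrators)
        $sep = 0
        for ($i = 0; $i -lt $raw.Count; $i++) {
            if ($raw[$i] -match '^-{10,}') { $sep = $i; break }
        }
        $raw[($sep + 1)..($raw.Count - 1)] |
            Where-Object { $_ -and $_ -notmatch '^The command completed' }
    }
}

$Members    = @(Get-LocalAdministrators)
$Unexpected = $Members  | Where-Object { $Expected -notcontains $_ }
$Missing    = $Expected | Where-Object { $Members  -notcontains $_ }

"Local Administrators now : $($Members -join ', ')"
if ($Unexpected) {
    # If a Restricted Groups policy defines this group's members, these entries
    # are the ones the next policy refresh would remove.
    "Not in the assumed allow-list: $($Unexpected -join ', ')"
}
if ($Missing) {
    "In the allow-list but absent locally: $($Missing -join ', ')"
}

# When did computer policy last apply? This is the refresh Fabien refers to:
# at startup and periodically (default every 90 minutes, random offset 0-30 min).
gpresult /r /scope:computer | Select-String 'Last time Group Policy was applied'

# To force the refresh immediately instead of waiting for the next cycle:
#   gpupdate /force
```

Running this right after adding an account locally and then again after `gpupdate /force` shows directly whether a domain policy is reverting the change; if the membership is unchanged after a forced refresh, the missing account in the report above has some other cause that this check does not cover.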
