Message-ID: <CA+1kKf460FE0uo7ps780N3f=gFh8G=i0+o1yR5w1uPocZUbVwg@mail.gmail.com>
Date: Mon, 1 Jul 2013 15:16:45 +0100
From: some one <s3cret.squirell@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Abusing Windows 7 Recovery Process
I tried this out onsite today. Got the cmd.exe as described and added a
user to the local admin group... Restarted the box, tried to log in as the new
user, and it isn't there...
Logged in as a legit admin and ran net users and there is no mention of my
created account... Weird...
On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandluke@...lhandluke.org>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 06/29, Grandma Eubanks wrote:
> > However, I think this is still interesting. It's been a while since I've
> > played with Windows boxes and won't have access to one for a couple days,
> > but isn't this triggering off of vendor supplied recovery partitions? This
> > is a regular Windows 7 sole partition box you tried this on?
>
> from a first look, i don't think a vendor-supplied recovery partition is
> necessary. it appears that it would also be possible if the "system
> restore" setting was enabled (but don't quote me on that).
>
> i'm not sure how likely that is in your average large, corporate
> environment. the ones i've seen have system restore disabled and opt to
> reimage systems instead when issues occur. i'm sure there are some
> environments where this could be useful, however.
>
> - -chl
>
> - --
> cool hand luke
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQF8BAEBCgBmBQJRz0jUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5RUE3NjY3OTY3NTE0RjAyMDgyRTNBQzAy
> QkE2NTVENTVDODgzNUVCAAoJECumVdVciDXraG4H/0rOTqDYy5wzmI5/Rs8n/1Ts
> Z3/xwsUuSCQzFNmA6VuPD5hRNtygPVoq3nhcm4ADZzWHPwOy32RTbtriUgK4mAF/
> S2yuGsGk1rszxPdW4/DZ+APInTCMxTwtViL5NGa9AsVRKAxQ87i9XyxTUeB4V0H5
> XlUMCCzmX1yNupdyIEkE4zYc4RiNTaPeamXlnds+gaW+/hmMVz9d1tC6vYBmtaAz
> urXy55TnEUoAwUlAGxgtwKappfKenggqFFEc2OY0s2HTRpd1WbVEiCW7VV3BR33z
> JOpwwF3IfRbOvcrZai5BztyIRmSw1r5olymXr2l3PYLXNZVmLJXmQei1CzZJ58I=
> =+kX6
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
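The report above (an account added from a recovery-environment cmd.exe that does not show up after reboot) is the kind of change an administrator would want to verify from the running system rather than trust either way. The following PowerShell script is an added example, not code from the thread or from any of its participants: it compares the local account list and the local Administrators group against a baseline and flags anything unexpected. The baseline names (`corpadmin` and the others) are placeholders chosen for illustration; it uses WMI and the ADSI WinNT provider rather than Get-LocalUser so that it also runs on Windows 7 with PowerShell 2.0.

```powershell
# Added example (not from the thread): audit local accounts and the local
# Administrators group against a known-good baseline, to confirm whether an
# account created in an offline or recovery session actually persisted.
# Uses WMI and ADSI (available on Windows 7 / PowerShell 2.0). Run elevated.

# Baseline values are placeholders for illustration; replace with your own.
# Domain groups nested in Administrators (e.g. "Domain Admins") must be
# listed here too, or they will be reported as unexpected.
$expectedAccounts = @('Administrator', 'Guest', 'corpadmin')
$expectedAdmins   = @('Administrator', 'corpadmin')

# Local accounts via WMI: the same information "net users" prints.
$localAccounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object -ExpandProperty Name

# Members of the local Administrators group via the ADSI WinNT provider.
$adminGroup   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$adminMembers = @($adminGroup.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

# Anything present on the box but absent from the baseline is reported.
$unexpectedAccounts = @($localAccounts | Where-Object { $expectedAccounts -notcontains $_ })
$unexpectedAdmins   = @($adminMembers  | Where-Object { $expectedAdmins   -notcontains $_ })

if ($unexpectedAccounts.Count -gt 0) {
    Write-Warning "Unexpected local accounts: $($unexpectedAccounts -join ', ')"
}
if ($unexpectedAdmins.Count -gt 0) {
    Write-Warning "Unexpected Administrators members: $($unexpectedAdmins -join ', ')"
}
if ($unexpectedAccounts.Count -eq 0 -and $unexpectedAdmins.Count -eq 0) {
    Write-Output 'Local accounts and Administrators group match the baseline.'
}

# Recent account-management events in the Security log (4720 = user created,
# 4732 = member added to a security-enabled local group). Changes made while
# the installed OS was not running leave no such events, which is why the
# baseline comparison above is the primary check and this is only supporting.
Get-EventLog -LogName Security -InstanceId 4720, 4732 -After (Get-Date).AddDays(-7) -ErrorAction SilentlyContinue |
    Select-Object TimeGenerated, InstanceId, Message |
    Format-List
```

One point worth keeping in mind when reading results: a `net user` command typed into the recovery environment's cmd.exe operates on the registry hives of that environment's own RAM-disk image, not on the installed system's SAM, so an account created there will not exist on the next normal boot unless the offline hive was loaded explicitly. The baseline comparison answers the question either way, and the event-log query shows whether any account change was recorded by the running OS at all.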