| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+1kKf5pka+WU6Y9kyVf5qUBmOLq_swi--iyPB0cG4SqFq=86g@mail.gmail.com>
Date: Tue, 9 Jul 2013 19:39:45 +0100
From: some one <s3cret.squirell@...il.com>
To: sec <sec@...tsploit.me>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Abusing Windows 7 Recovery Process
My initial thoughts after adding the user and rebooting was that it was
only valid in the recovery console session or something as once i rebooted
it was gone...
Tried it again today in a different place and same deal. Reboot no new
user...
Anyone have this working after reboot?
Once you've inserted your payload with admin-or-better rights, it can be
anything from a rootkit that GP can't touch to a patched GP subsys that
doesn't apply AD policies. This isn't really a caveat.
On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:
> There may be an Active Directory domain policy which only allows a
> configured set of groups/users to be admin of your workstation.
> Keep in mind domain policies are applied at startup and periodically.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists