I tried this out onsite today. Got the cmd.exe as described and added a
user into the local admin group... Restart the box, try to log in as the new
user, and it isn't there...

Logged in as a legit admin and ran net users and no mention of my created
account... Weird...

On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandl...@coolhandluke.org>
wrote:

> On 06/29, Grandma Eubanks wrote:
> > However, I think this is still interesting. It's been a while since I've
> > played with Windows boxes and won't have access to one for a couple days,
> > but isn't this triggering off of vendor supplied recovery partitions?
> > This is a regular Windows 7 sole partition box you tried this one?
>
> from a first look, i don't think a vendor-supplied recovery partition is
> necessary. it appears that it would also be possible if the "system
> restore" setting was enabled (but don't quote me on that).
>
> i'm not sure how likely that is in your average large, corporate
> environment. the ones i've seen have system restore disabled and opt to
> reimage systems instead when issues occur. i'm sure there are some
> environments where this could be useful, however.
>
> -chl
>
> --
> cool hand luke
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>