I tried this out onsite today. Got the cmd.exe as described and added a user into the local admin group... Restarted the box, tried to log in as the new user and it isn't there...
Logged in as a legit admin and ran net users and no mention of my created account... Weird...

On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandl...@coolhandluke.org> wrote:

> On 06/29, Grandma Eubanks wrote:
> > However, I think this is still interesting. It's been a while since I've
> > played with Windows boxes and won't have access to one for a couple days,
> > but isn't this triggering off of vendor supplied recovery partitions? This
> > is a regular Windows 7 sole partition box you tried this one?
>
> from a first look, i don't think a vendor-supplied recovery partition is
> necessary. it appears that it would also be possible if the "system
> restore" setting was enabled (but don't quote me on that).
>
> i'm not sure how likely that is in your average large, corporate
> environment. the ones i've seen have system restore disabled and opt to
> reimage systems instead when issues occur. i'm sure there are some
> environments where this could be useful, however.
>
> -chl
>
> --
> cool hand luke
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/