Heh ~ Ben already suggested that but unfortunately, no. But, I will
surely be cloning that disk before laying a dban beating on it and
poking and prodding the clone back in the workshop.

--
Peter van Houten

On the 14 May, 2010 14:34, John Aldrich wrote the following:
Any chance they could air-freight you the box and let YOU hack it so you
don't have to get on a plane?



-----Original Message-----
From: Peter van Houten [mailto:peter...@gmail.com]
Sent: Friday, May 14, 2010 8:14 AM
To: NT System Admin Issues
Subject: Re: XP Box inaccessible

Thanks Tammy; most of my attempts at remote access were fruitless.
Besides breaking the login process, the code *seems* to have disabled
all access vectors that I know of, with the exception of IPC$ (with null
credentials only) via which I have made a connect/disconnect but nothing
more and was hoping that some bright spark knew of an attack via this route.
It does appear to parse the initial login credentials correctly (and
probably stores them). Have nmap scanned aggressively and shown ports
139 & 445 open, hence the partial netbios access as above.

The suit using this PC won't allow anyone else other than myself within
50 paces but was able to defer the requirement for the important docs on
the system's desktop [say goodbye to his write access to /desktop :-) ],
so I have a weekend reprieve (and more time to hack it).

--
Peter van Houten

On the 14 May, 2010 04:10, Tammy wrote the following:
Can you access the machine's registry from a machine on the network
using remote registry? It has worked for me a few times. (assuming
userinit.exe exists & is intact)

Worth a look to see if the userinit value in registry is hosed.

Key: BrokenMachine\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Normally the value for userinit is c:\windows\system32\userinit.exe,

Fix the value, disconnect registry & reboot the box.

Just in case they have windows installed to a different
directory/drive etc though might want to check here first:

Brokenmachine\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

Regards,

Tammy Stewart (coppertop)
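
The remote-registry check described in the message above, as an added PowerShell example that is not part of the original thread. It assumes the Remote Registry service is reachable on the target; `BrokenMachine` is the thread's placeholder host name, the `-Repair` switch is hypothetical, and reading the install directory from the `SystemRoot` value under `SOFTWARE\Microsoft\Windows NT\CurrentVersion` is a choice made for this example.

```powershell
# Added example, not from the thread. 'BrokenMachine' is the thread's placeholder host name.
param(
    [string]$ComputerName = 'BrokenMachine',
    [switch]$Repair   # hypothetical switch for this example: write the expected value back
)

$ntKey       = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$winlogonKey = "$ntKey\Winlogon"

# Needs the Remote Registry service running on the target and admin rights there.
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
try {
    # Read the install directory from the target itself, so a Windows install
    # on another drive or directory is not reported as tampering.
    $nt = $hklm.OpenSubKey($ntKey)
    $systemRoot = [string]$nt.GetValue('SystemRoot')
    $nt.Close()
    if (-not $systemRoot) { throw "SystemRoot not readable on $ComputerName" }
    # Plain concatenation: Join-Path would fail if that drive letter is absent locally.
    $expected = $systemRoot.TrimEnd('\') + '\system32\userinit.exe'

    # Open read-only unless -Repair was given.
    $winlogon = $hklm.OpenSubKey($winlogonKey, $Repair.IsPresent)
    $raw = [string]$winlogon.GetValue('Userinit')

    # Userinit is a comma-separated list; the stock value ends with a comma.
    # Any entry besides userinit.exe also runs at every logon, so list each one.
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $extra   = @($entries | Where-Object { $_ -ne $expected })   # -ne ignores case

    if ($entries.Count -eq 1 -and $extra.Count -eq 0) {
        "OK       Userinit = $raw"
    } else {
        "MISMATCH Userinit = '$raw' (expected '$expected,')"
        $extra | ForEach-Object { "  unexpected entry: $_" }
        if ($Repair) {
            $winlogon.SetValue('Userinit', "$expected,",
                [Microsoft.Win32.RegistryValueKind]::String)
            "Repaired; reboot $ComputerName for Winlogon to pick it up."
        }
    }
    $winlogon.Close()
}
finally { $hklm.Close() }
```

Run it without `-Repair` first and record the reported value before changing anything, since the original string is evidence of what modified the machine.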
