I bet the AV would catch netcat. You might have to manually encode the file to be able to run it but then again, the whitelist would probably stop you anyways.
Any juicy third party apps on the box?

On Wed, Mar 30, 2011 at 5:47 AM, Jim Halfpenny <[email protected]> wrote:

> Hi,
> Does the firewall do packet inspection on DNS traffic or is it just a
> rule to allow port 53 outbound? You can shovel the data over netcat if
> you can connect to a remote system on which you've put a listener on a
> permitted port.
>
> Regards,
> Jim
>
> On 30 March 2011 07:44, k41zen Me <[email protected]> wrote:
> > I need to get some user data off a laptop. I have written permission
> > to do what's necessary. What I don't have is a lot of time.
> >
> > Laptop is running Vista SP1 fully patched up to Jan 2011. System is
> > bitlockered. I have the user's cached creds and the bitlocker PIN so
> > logging in as the user is not a problem. System has a software VPN
> > solution on it but certificate has failed rendering the NIC useless
> > and removing a whole heap of remote options.
> >
> > System is locked down so that:
> >
> > 1) 3rd party app stops devices from being attached to the laptop (USB,
> >    Expresscard, PCI, serial & parallel ports, firewire)
> > 2) User has CD/DVD read but not write
> > 3) user account rights are very limited
> > 4) whitelist in place with mixture of GPO's and 3rd party app to limit
> >    what the user can run and from where on the system
> > 5) cannot stop services
> > 6) cannot delete files to break security apps or stop services
> > 7) local admin account has been disabled
> > 8) FW configured to only allow out DNS and VPN traffic to establish
> >    session
> > 9) user cannot renew VPN cert
> >
> > I don't have bitlocker recovery PIN so booting into safe mode or
> > placing drive into another machine is a no go. Also not stored in AD.
> >
> > I can't see any other ways to extend the functionality of the laptop
> > so am now into privilege escalation. With all the measures in place
> > anyone know of anything that would work?
> >
> > TIA
> >
> > k41zen
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
