Can you move the drive to another machine with bitlocker then unlock the data & copy what you need?
On Wed, Mar 30, 2011 at 10:17 AM, k41zen Me <[email protected]> wrote:

> Jim,
>
> Only allows outbound 53 which is fine. Won't be allowed to execute the .exe
> though or am I missing something?
>
> k41zen
>
> On 30 Mar 2011, at 12:47, Jim Halfpenny wrote:
>
> > Hi,
> > Does the firewall do packet inspection on DNS traffic or is it just a
> > rule to allow port 53 outbound? You can shovel the data over netcat if
> > you can connect to a remote system on which you've put a listener on a
> > permitted port.
> >
> > Regards,
> > Jim
> >
> > On 30 March 2011 07:44, k41zen Me <[email protected]> wrote:
> >> I need to get some user data off a laptop. I have written permission to
> >> do what's necessary. What I don't have is a lot of time.
> >>
> >> Laptop is running Vista SP1 fully patched up to Jan 2011. System is
> >> bitlockered. I have the user's cached creds and the bitlocker PIN so logging
> >> in as the user is not a problem. System has a software VPN solution on it
> >> but certificate has failed rendering the NIC useless and removing a whole
> >> heap of remote options.
> >>
> >> System is locked down so that:
> >>
> >> 1) 3rd party app stops devices from being attached to the laptop
> >>    (USB, Expresscard, PCI, serial & parallel ports, firewire)
> >> 2) User has CD/DVD read but not write
> >> 3) user account rights are very limited
> >> 4) whitelist in place with mixture of GPOs and 3rd party app to
> >>    limit what the user can run and from where on the system
> >> 5) cannot stop services
> >> 6) cannot delete files to break security apps or stop services
> >> 7) local admin account has been disabled
> >> 8) FW configured to only allow out DNS and VPN traffic to establish
> >>    session
> >> 9) user cannot renew VPN cert
> >>
> >> I don't have bitlocker recovery PIN so booting into safe mode or placing
> >> drive into another machine is a no go. Also not stored in AD.
> >>
> >> I can't see any other ways to extend the functionality of the laptop so
> >> am now into privilege escalation. With all the measures in place anyone
> >> know of anything that would work?
> >>
> >> TIA
> >>
> >> k41zen
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> [email protected]
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com

--
Tim Krabec
Kracomp
772-597-2349
www.kracomp.com
www.smbminute.com (podcast)
tkrabec.com
