Good write up that Jakob and an interesting read.
Thanks ,)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
My initial thoughts after adding the user and rebooting was that it was
only valid in the recovery console session or something as once i rebooted
it was gone...
Tried it again today in a different place and same deal. Reboot no new
user...
Anyone have this working after reboot?
Once you've
in that workstation once the
password is reset).
Hmm, not sure about this...
Haven't tried but lets say we can copy the SAM off the box somehow,
recovery console is running as system which can read the SAM and
On 9 July 2013 20:39, some one s3cret.squir...@gmail.com wrote:
My initial thoughts after
On Jul 10, 2013 9:16 PM, some one s3cret.squir...@gmail.com wrote:
On Jul 10, 2013 1:51 PM, Gregory Boddin greg...@siwhine.net wrote:
It won't.
The whole point is to have full local access to hard-drives (from a
locked workstation for eg), to modify/read things in it.
The loaded
to be admin of your workstation.
Keep in mind domain policies are applied at startup and periodically.
Message: 1
Date: Mon, 1 Jul 2013 15:16:45 +0100
From: some one s3cret.squir...@gmail.com
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
I tried this out onsite today. Got the cmd.exe as described and added a
user into local admin group... Restart the box try and login as new user
and it isn't there...
Logged in as a legit admin and ran net users and no mention of my created
account... Weird...
On Jun 30, 2013 10:54 AM, Cool Hand
I think because if/when someone enables it there is no authentication
needed to remote log in as root?
On Mar 16, 2013 4:32 PM, Julius Kivimäki julius.kivim...@gmail.com
wrote:
Why exactly is this a bug?
2013/3/15 secur...@nruns.com
n.runs AG
http://www.nruns.com/
security(at)nruns.com
he posts of interest?
Please expand on how and why anti automation bugs in unknown cms's are of
interest?
On Mon, Dec 31, 2012 at 11:58 PM, some one s3cret.squir...@gmail.comwrote:
If you do not like or find of interest what the guy posts is it not
easier to just press delete or filter him
If you do not like or find of interest what the guy posts is it not easier
to just press delete or filter him out rather than try to make fun of him?
Give the dude a break man, hes submitting more things of interest than you
are and you just make yourself sound bitter and twisted.
Its new year