RE: Boot floppy

From: Scott Ramsdell (Scott.Ramsdell@cellnet.com)
Date: Wed Apr 11 2007 - 10:17:06 EDT


Mifa,

I assume you're not in a domain, so you don't have admin privs on the
box. (If you are in a domain, sounds like this person needs their own
GPO.)

I've used this tool to blank out admin passwords many times:
http://home.eunet.no/pnordahl/ntpasswd/

Once you have the admin account, use psexec as Zed suggests, or any
suitable method. If the remote registry service is enabled you're set.
If not, start it.

You don't have to launch software from the run keys. Check out Andrew
Aronoff's Silent Runners for a list of all the locations you can launch
programs from. If the user is security conscious, likely he knows
enough to set the local policy to disallow changes to run and runonce.

This method requires rebooting, which you suggest you don't want to do.
However, it is a boot disk which you also asked for?!

Kind Regards,
 
Scott Ramsdell
CISSP, CCNA, MCSE
Security Network Engineer

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Zed Qyves
Sent: Wednesday, April 11, 2007 1:42 AM
To: Mifa; pen-test@securityfocus.com
Subject: Re: Boot floppy

Why do you think you have to go to such extremes if it is a company PC?

If he is TAKING the PC home instead of HAVING HIS PC at home all the
time, next time the PC is at company - and you're authorised to perform
such a thing - take it apart...

If on the other hand you want to spy on that user and see what he is
doing with his files I suggest checking with the company's legal
department before doing anything else.

And finally, sounds like a job for psexec...

On 4/10/07, Mifa <mifa@stangercorp.com> wrote:
> We have a user who takes a company computer home with them (no, it's
> not a laptop). We have a good reason to need to look at their files.
> However, we want to do so without that employee knowing. They seem to
> know something about security because auto runs is disabled and the
> workstation is always locked with a third party software. Inserting a
> U3 drive will not run a program either. Are there any programs that
> will boot from a floppy then copy a program to the C drive then write an
> auto start entry into the registry? This was the only way I can think
> of to get the user to install a program.
>
> Any other ideas how we might gain access? It has to be fast
> (bathroom breaks etc.). I don't have time to load a live CD. Further,
> rebooting would cause the user to lose work.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT