Thread: Gaining System-Level Access To Vista

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    15

    Gaining System-Level Access To Vista

    So I read about this yesterday from Slashdot

    http://tech.slashdot.org/article.pl?.../05/26/0257213

    I know that you can do it from any live CD Linux distro, though I thought it was cool that BackTrack got the publicity. Anyways, I went ahead and tried it out with my copy of Windows Server 2008 Enterprise (thanks, Microsoft launch tour). It worked flawlessly, and instead of running "explorer" from the Utilman.exe prompt, I ran "lusrmgr.msc" and simply added my own administrator account. I got out of utilman, clicked cancel for the Windows login, did a Ctrl+Alt+Del and my new TEST_ADMIN account was waiting for me to log in.

    I wasn't able to do anything once I ran explorer from utilman, except run Firefox (from which I was able to browse the net), which I had installed previously while logged into the admin account. It was all so easy...

  2. #2
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    It's normal, it's done with BackTrack...

    The guy who did the video is MUTS!!! One of the creators of BackTrack!!!

    And yes, it's so easy. I bet that Microsoft will reduce the privilege of this utility, which has no point being run with system privilege!

    You can do the same in XP or 2000, but with files other than Utilman.exe.
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #3
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543

    I'm sure Muts is keeping Redmond busy
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    15

    So besides locking down your USB ports (http://www.thinkgeek.com/gadgets/security/98fe/), how can you prevent this atrocity?

  5. #5
    Good friend of the forums williamc
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    You mean, lock down USB, CDROM, Bluetooth, and Firewire. Oh, and maybe unplug your network cable. Besides that, you should be fine.

    William

  6. #6
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543

    Originally posted by williamc:
    > You mean, lock down USB, CDROM, Bluetooth, and Firewire. Oh, and maybe unplug your network cable. Besides that, you should be fine.
    >
    > William

    LOL!! Sad, but true
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    Member
    Join Date
    Feb 2006
    Posts
    167

    file

    There's a quick script I wrote in /pentest/passwd called utilman.py

    If you run that on a local Vista system, it'll detect the partition, back up utilman.exe and rename cmd.exe to Utilman.exe; it's all automated. Don't run this on a WinXP box. I sent muts an updated utilman.py that never made it onto BT3 that specifically detects only Vista; however, if you run this on XP, it'll rename the utilman.exe on XP, which doesn't work.
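
A defensive check for the swap described in post #7, written as an added example that is not part of the thread and not the utilman.py script it mentions: it flags a System32 directory where Utilman.exe is byte-identical to cmd.exe, or where a renamed copy of the original sits beside it. The backup-name heuristic, the function names and the sample file names are assumptions, and the sample directory is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_utilman(system32):
    """Return findings for a System32 directory (live, or an offline mounted volume)."""
    # Match names case-insensitively: NTFS mounted from Linux is case-sensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    utilman, cmd = files.get("utilman.exe"), files.get("cmd.exe")
    if utilman is None:
        findings.append("Utilman.exe is missing")
    elif cmd is not None and sha256(utilman) == sha256(cmd):
        findings.append("Utilman.exe is byte-identical to cmd.exe")
    # Heuristic (assumption): a renamed original left beside the swapped file.
    for name, path in sorted(files.items()):
        if name.startswith("utilman") and name != "utilman.exe":
            findings.append(f"possible backup of the original: {path.name}")
    return findings


def build_sample(swapped):
    """Constructed stand-in for System32; file contents are placeholders."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
    if swapped:
        (root / "Utilman.exe").write_bytes(b"constructed cmd.exe bytes")
        (root / "Utilman.exe.bak").write_bytes(b"constructed utilman bytes")
    else:
        (root / "Utilman.exe").write_bytes(b"constructed utilman bytes")
    return root


if __name__ == "__main__":
    for swapped in (False, True):
        print(swapped, audit_utilman(build_sample(swapped)))
```

The hash comparison only catches an exact copy of cmd.exe; comparing Utilman.exe against a known-good hash for the installed build catches any other replacement.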
