Vulnerability Development: Re: Windows: Local Security Workarounds-DD

Re: Windows: Local Security Workarounds-DD

From: H D Moore <hdm_at_SECUREAUSTIN.COM>
Date: Sat, 8 Apr 2000 13:04:33 -0500

Diedra Holley wrote:
>
> Is there a way to get around someone using cmoskill on a system...I
> recently had a friend that bought a laptop from a friend of his, the
> friend didn't give him any of the passwords...specifically the
> supervisor password I needed to disable one of the programs to allow me
> to get in try and fix it....I don't recall the name of the program now
> but it allowed you to 'backtrack' to another "boot sequence" to
> possibly fix the problem...I couldn't get back far enough to reboot
> before the password was enabled....I used the cmoskill and it got rid of
> ALL the passwords on the system, not just the bios password...it was
> entirely too easy...surely there must be a way around it....

I recently picked up an IWILL BS100 motherboard that has some cool
security options, like making the floppy read only and making the bios
un-flashable. While this won't stop a hacker with a paperclip (cmos
battery short) or anyone with some free time and physical access, it
does protect you against the run-of-the-mill idiots.

> Also, when I was playing around with my own system, I found that when a
> system with softice on it goes down and you try to reboot that the
> debugger will kick in on reboot and begin 'trying to hack itself' and
> will therefore lock the system....I have my boot from disk enabled and
> tried to use it, but I had the same problem. As soon as the disk was
> in, softice kicked in again and started doing its thing....I do not have
> softice set to load on startup....

Got me.

> One last thing....I have Cain1.0...it is a password recovery program...I
> have been using it to try and delete users from my ICQ list that have
> used my system and put their information on it...it would seem that Cain
> will not pick up web based passwords and will only pick up sys passwords
> after they have been used once....is there another program I can use to
> get rid of this info from my system?

Search the registry for pass hashes/etc for those programs, also try
deleting *.pwl in the windows directory. Netscape keeps
easily-decrypted password hashes in preferences.js for each user profile
AND in the registry.

-HD
Received on Apr 08 2000
