[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Abusing Windows 7 Recovery Process
- To: sec <sec@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
- From: some one <s3cret.squirell@xxxxxxxxx>
- Date: Tue, 9 Jul 2013 19:39:45 +0100
My initial thoughts after adding the user and rebooting was that it was
only valid in the recovery console session or something as once i rebooted
it was gone...
Tried it again today in a different place and same deal. Reboot no new
user...
Anyone have this working after reboot?
Once you've inserted your payload with admin-or-better rights, it can be
anything from a rootkit that GP can't touch to a patched GP subsys that
doesn't apply AD policies. This isn't really a caveat.
On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:
> There may be an Active Directory domain policy which only allows a
> configured set of groups/users to be admin of your workstation.
> Keep in mind domain policies are applied at startup and periodically.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/