Full Disclosure mailing list archives
Re: Abusing Windows 7 Recovery Process
From: sec <sec () whatsploit me>
Date: Mon, 08 Jul 2013 16:27:19 -0400
Once you've inserted your payload with admin-or-better rights, it can be anything from a rootkit that GP can't touch to a patched GP subsys that doesn't apply AD policies. This isn't really a caveat. On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:
There may be an Active Directory domain policy which only allows a configured set of groups/users to be admin of your workstation. Keep in mind domain policies are applied at startup and periodically.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Abusing Windows 7 Recovery Process some one (Jul 01)
- <Possible follow-ups>
- Re: Abusing Windows 7 Recovery Process Fabien DUCHENE (Jul 08)
- Re: Abusing Windows 7 Recovery Process some one (Jul 08)
- Re: Abusing Windows 7 Recovery Process Chris Arg (Jul 09)
- Re: Abusing Windows 7 Recovery Process sec (Jul 08)
- Re: Abusing Windows 7 Recovery Process some one (Jul 10)
- Re: Abusing Windows 7 Recovery Process Gregory Boddin (Jul 10)
- Re: Abusing Windows 7 Recovery Process some one (Jul 10)
- Re: Abusing Windows 7 Recovery Process adam (Jul 10)
- Re: Abusing Windows 7 Recovery Process some one (Jul 10)
- Re: Abusing Windows 7 Recovery Process Alex (Jul 12)
- Re: Abusing Windows 7 Recovery Process Chris Arg (Jul 12)
- Re: Abusing Windows 7 Recovery Process Alex (Jul 13)
- Re: Abusing Windows 7 Recovery Process Julius Kivimäki (Jul 13)
- Re: Abusing Windows 7 Recovery Process Alex (Jul 13)
- Re: Abusing Windows 7 Recovery Process some one (Jul 08)