Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Abusing Windows 7 Recovery Process

From: some one <s3cret.squirell () gmail com>
Date: Tue, 9 Jul 2013 19:39:45 +0100
My initial thoughts after adding the user and rebooting was that it was
only valid in the recovery console session or something as once i rebooted
it was gone...

Tried it again today in a different place and same deal. Reboot no new
user...

Anyone have this working after reboot?
Once you've inserted your payload with admin-or-better rights, it can be
anything from a rootkit that GP can't touch to a patched GP subsys that
doesn't apply AD policies. This isn't really a caveat.


On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:

There may be an Active Directory domain policy which only allows a
configured set of groups/users to be admin of your workstation.
Keep in mind domain policies are applied at startup and periodically.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: