Penetration Testing mailing list archives

Re: Boot floppy


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 13 Apr 2007 07:40:36 -0700

I don't think anyone's missing the statement -- people are just (in my mind rightfully) suspicious of these types of scenarios where there are a million other things that could be done that actually solve the problem. It's the company's computer. They think this guy is stealing from them like someone else already did. But, even though the OP's the administrator of a computer his company owns, he has no access to it and the admin account is disabled, and they can't get the guy to run a rootkit any other way. So they want to figure out how to root the box without any boot tools, auto-runs, reboots, or anything else while the guy is taking a whiz so they can see if he is stealing intellectual property all because they are worried about hurting his feelings. It just doesn't sound right.

Seize the box and perform forensics on it and be done with it. Then have a set policy put in place to keep stupid things like that from happening again.

t

----- Original Message -----
From: "Shreyas Zare" <shreyas () technitium com>
To: "Pen-Testing" <pen-test () securityfocus com>
Sent: Thursday, April 12, 2007 8:47 AM
Subject: Re: Boot floppy


Hi,

Almost everyone is missing Mifa's statement, which is, "Any other ideas
how we might gain access? It has to be fast (bathroom breaks etc.). I
don't have time to load a live CD. Further, rebooting would cause the
user to lose work."

This means he has to do it quickly without rebooting the machine and
no live CDs as rebooting would make the target suspicious of the act.
So social engineering will work better in this case.

If he has enough powers, he can trojan the machine, as it's the company's
property. And the target may be a real danger for the company's
security, who knows?

