Penetration Testing mailing list archives
Re: Boot floppy
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 13 Apr 2007 07:40:36 -0700
I don't think anyone's missing the statement -- people are just (in my mind rightfully) suspicious of these types of scenarios where there are a million other things that could be done that actually solve the problem. It's the company's computer. They think this guy is stealing from them like someone else already did. But, even though the OP's the administrator of a computer his company owns, he has no access to it and the admin account is disabled, and they can't get the guy to run a rootkit any other way. So they want to figure out how to root the box without any boot tools, auto-runs, reboots, or anything else while the guy is taking a whiz so they can see if he is stealing intellectual property all because they are worried about hurting his feelings. It just doesn't sound right.
Seize the box and perform forensics on it and be done with it. Then have a set policy put in place to keep stupid things like that from happening again.
t----- Original Message ----- From: "Shreyas Zare" <shreyas () technitium com>
To: "Pen-Testing" <pen-test () securityfocus com> Sent: Thursday, April 12, 2007 8:47 AM Subject: Re: Boot floppy
Hi, Everyone almost is missing Mifa's statement which is, "Any other ideas how we maight gain access? It has to be fast (bathroom breaks ect). I dont have time to load a live cd. Further, robooting would cause the user to loose work." This means he has to do it quickly without rebooting the machine and no live CDs as rebooting would make the target suspicious of the act. So social engineering will work better in this case. If he has enough powers, he can trojan the machine as its company's property. And the target may be a real danger for the company's security, who knows ?
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: Boot floppy, (continued)
- Re: Boot floppy Jamie Riden (Apr 11)
- Re: Boot floppy Juergen Fiedler (Apr 11)
- RE: Boot floppy Wiedemann, Adrian (Apr 11)
- RE: Boot floppy Mifa (Apr 13)
- Re: Boot floppy Michael Munt (Apr 13)
- RE: Boot floppy Sat Jagat Singh (Apr 13)
- Re: Boot floppy Shreyas Zare (Apr 13)
- Re: Boot floppy Morning Wood (Apr 13)
- Re: Boot floppy Packet Man (Apr 15)
- Re: Boot floppy barcajax (Apr 13)
- Re: Boot floppy Thor (Hammer of God) (Apr 13)
- Re: Boot floppy Tremaine Lea (Apr 14)
- Re: Boot floppy Morning Wood (Apr 15)
- RE: Boot floppy Michele Jordan (Apr 28)
- Re: Boot floppy Tremaine Lea (Apr 14)