Vulnerability Development mailing list archives

Re: Windows: Local Security Workarounds-DD


From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Sat, 8 Apr 2000 13:04:33 -0500


Diedra Holley wrote:

> Is there a way to get around someone using cmoskill on a system...I
> recently had a friend that bought a laptop from a friend of his, the
> friend didn't give him any of the passwords...specifically the
> supervisor password. I needed to disable one of the programs to allow me
> to get in and try and fix it....I don't recall the name of the program now
> but it allowed you to 'backtrack' to another "boot sequence" to
> possibly fix the problem...I couldn't get back far enough to reboot
> before the password was enabled....I used the cmoskill and it got rid of
> ALL the passwords on the system, not just the BIOS password...it was
> entirely too easy...surely there must be a way around it....

I recently picked up an IWILL BS100 motherboard that has some cool
security options, like making the floppy read-only and making the BIOS
un-flashable.  While this won't stop a hacker with a paperclip (CMOS
battery short) or anyone with some free time and physical access, it
does protect you against the run-of-the-mill idiots.

> Also, when I was playing around with my own system, I found that when a
> system with softice on it goes down and you try to reboot, the
> debugger will kick in on reboot and begin 'trying to hack itself' and
> will therefore lock the system....I have my boot from disk enabled and
> tried to use it, but I had the same problem.  As soon as the disk was
> in, softice kicked in again and started doing its thing....I do not have
> softice set to load on startup....

Got me.

> One last thing....I have Cain 1.0...it is a password recovery program...I
> have been using it to try and delete users from my ICQ list that have
> used my system and put their information on it...it would seem that Cain
> will not pick up web-based passwords and will only pick up sys passwords
> after they have been used once....is there another program I can use to
> get rid of this info from my system?

Search the registry for pass hashes/etc. for those programs; also try
deleting *.pwl in the Windows directory.  Netscape keeps
easily-decrypted password hashes in preferences.js for each user profile
AND in the registry.

-HD
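The cleanup HD describes (find the leftover *.pwl password-list files in the Windows directory and the credential entries in each Netscape profile's preferences.js, then remove them) can be scripted so the machine's owner sees every location before deleting anything. The script below is an added illustration written for this archive page, not code from HD Moore or from Cain; it decrypts nothing, it only reports where cached logins sit and, when asked, deletes the .pwl files. The `user_pref("name", value);` line format is assumed from Netscape 4.x prefs files, and the directory tree it scans is constructed in a temp folder so the example runs offline on any OS.

```python
"""Locate leftover credential stores on a Windows 9x-era machine in the
places named in the reply above: *.pwl files under the Windows directory
and Netscape's per-profile preferences.js.  Illustrative helper, not the
poster's code; the prefs syntax is an assumption and the sample tree is
constructed."""
import os
import re
import tempfile
from pathlib import Path

# Assumed Netscape 4.x prefs syntax: user_pref("pref.name", value);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*)\);')
# Pref names that look like stored credentials (pass, passwd, password)
CRED_KEY_RE = re.compile(r"pass(wd|word)?", re.IGNORECASE)


def find_pwl_files(root):
    """Return sorted paths of *.pwl files under root (case-insensitive match)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".pwl"):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def find_password_prefs(prefs_path):
    """Return names of prefs in one preferences.js whose key looks credential-related."""
    names = []
    with open(prefs_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = PREF_RE.search(line)
            if m and CRED_KEY_RE.search(m.group(1)):
                names.append(m.group(1))
    return names


def scan(root):
    """Report every .pwl file and every preferences.js holding credential prefs."""
    report = {"pwl": find_pwl_files(root), "prefs": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "preferences.js":
                path = os.path.join(dirpath, name)
                found = find_password_prefs(path)
                if found:
                    report["prefs"][path] = found
    return report


def remove_pwl_files(root, dry_run=True):
    """Delete .pwl files under root (only when dry_run is False); return the affected paths."""
    targets = find_pwl_files(root)
    if not dry_run:
        for path in targets:
            os.remove(path)
    return targets


def build_sample_tree():
    """Constructed sample layout: a fake WINDOWS dir and a Netscape profile (no real data)."""
    root = tempfile.mkdtemp(prefix="pwlscan_")
    win = Path(root, "WINDOWS")
    win.mkdir()
    (win / "GUEST.PWL").write_bytes(b"\x00" * 32)   # placeholder bytes, not a real PWL
    (win / "WIN.INI").write_text("[windows]\n")      # unrelated file, must be ignored
    profile = Path(root, "Program Files", "Netscape", "Users", "guest")
    profile.mkdir(parents=True)
    (profile / "preferences.js").write_text(
        'user_pref("browser.startup.homepage", "http://example.invalid/");\n'
        'user_pref("mail.pop_password", "c2VjcmV0");\n'   # constructed value
        'user_pref("network.proxy.type", 1);\n'
    )
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    report = scan(sample)
    for path in report["pwl"]:
        print("password list:", path)
    for path, keys in report["prefs"].items():
        print("credential prefs in", path, "->", ", ".join(keys))
    print("would remove:", remove_pwl_files(sample, dry_run=True))
```

Run it with `dry_run=True` first and review the report; the registry side of HD's advice is deliberately left out because registry edits should be done by hand after inspecting each key.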
