Monday, November 28, 2005

More fun with PEBuilder

Many thanks go out to Deral Heiland and crew for coming up with this little hack:

At the last Defcon (13), Deral did a session on the Insecure Windows Workstation. Along with some interesting privilege escalation using the system-level help API, he also explained how to use Bart's PE to write a trojaned accessibility app to an NTFS root partition and then use WIN+U before logging in to access a system-level privileged desktop.
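A defensive check for the swap described above, as an added example that is not from the original post or from Deral's session: it audits the accessibility binaries in an offline-mounted System32 directory against known-good hashes. The watched file list, the `audit` function and the baseline format are assumptions of the example.

```python
import hashlib
from pathlib import Path

# Accessibility programs startable before logon (WIN+U starts utilman.exe).
# The list is an assumption of this example, not taken from the post.
WATCHED = ("utilman.exe", "sethc.exe", "osk.exe", "magnify.exe", "narrator.exe")


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(system32, baseline):
    """Return (name, finding) tuples for an offline-mounted System32 directory.

    baseline maps lower-case file names to SHA-256 values recorded from a
    known-good install of the same Windows build and patch level.
    """
    # Lower-case the names: NTFS is case-insensitive, the audit host may not be.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    hashes = {name: sha256_of(path) for name, path in files.items()}
    findings = []
    for name in WATCHED:
        if name not in hashes:
            findings.append((name, "missing"))
            continue
        if name not in baseline:
            findings.append((name, "no baseline"))
        elif hashes[name] != baseline[name].lower():
            findings.append((name, "differs from baseline"))
        # A watched file that is byte-identical to another program is a copy.
        twins = sorted(n for n, h in hashes.items() if h == hashes[name] and n != name)
        if twins:
            findings.append((name, "identical to " + ", ".join(twins)))
    return findings
```

Run it from a trusted boot environment against the mounted volume rather than from the installed system, since a tampered system cannot be relied on to report its own files honestly.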

Inaugural Post

{quoted from bart's pebuilder site}

"What is BartPE and PE Builder?

Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.

It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on. This will replace any Dos bootdisk in no time!"

Quite simply, Bart's Preinstalled Environment is the freaking bomb for us tweak-heads who are consistently either fixing [l]user problems or futzing with our systems enough to make them melt down. It's at times like this that you need: a Preinstalled Environment. Now Micro$oft won't make their PE utility available to you unless you are an "active Micro$oft Software Assurance Member." (...Cue the Final Jeopardy music...)

"Hey wait, I'm not an active Microsoft Software Assurance Member. I'm screwed again! Damn you Bill Gates, damn you straight to hell!!" you say?

Don't feel bad, neither are we, and that is where Bart Lagerweij comes in. This kind and altruistic fellow coded up a solution to help you use those spare Windows XP licenses you have lying around (cough cough, wink wink, nudge nudge). And he did it for free.


Shibby!