Monday, May 26, 2008

Local Physical Attack Against VISTA To Obtain SYSTEM

Pretty cool video doing a local physical attack against a Vista Box.

McGrew Security Blog pointed me to it:

"he demonstrates a quick and easy way of obtaining SYSTEM privileges on a Vista system, given physical access to the machine. In the video, he uses BackTrack to replace Utilman.exe with a copy of cmd.exe . The nice thing about replacing Utilman.exe is that you can make it run before you’re even logged-in by pressing Windows-U."

Its short and worth a look.


gabeleblanc said...

I'm a big fat idiot when it comes to computers and such but when I saw this I thought, well if you already have this kind of access and you can make changes to the HD then why do you need to get Vista cmd. Maybe for the possibility of User priv, but again in big picture context, if your doing this then just upload your backdoor and hit the bricks before you get pwned yourself?!

CG said...

yeah but not everyone has "their own backdoor" or need one to prove their point of hey your physical security sucks. that command prompt proves that point.

i do agree there is much much more and better things to do if you're replacing system binaries and have that type of access.