On 11/2/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Thu, 02 Nov 2006 01:15:19 CST, nocfed said: > > > And if you have physical access then you can simply use a floppy, usb > > dongle, or any other type of removable media to boot from. Once > > physical access is obtained then you pretty much have full access, > > barring full disk encryption. > > For bonus points, figure out how to reboot the machine without being > detected. For starters, there's that pesky 'uptime' ;)
Back up the settings and configuration of the Operating System and monitored applications.Then clone the GUID/SID/etc of the machine to the Attackers laptop and do a restore of the backed up data also to the attackers laptop, which had the necessary OS put on it in preparation for the attack. Pull the data cable out of the server and put it in the laptop. You are now free to install your rootkit, reboot the server and then cover your tracks. Replace cable in server and vamoose -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
