"If you have non-administrator credentials that get you past the bootloader or the entire boot process hasn't been made secure"
Aside from this, the scenario I've always seen: 1.) Home/regular user that doesn't know/care 2.) Paranoid user or company machine employing full disk encryption However, I think this is still interesting. It's been a while since I've played with Windows boxes and won't have access to one for a couple days, but isn't this triggering off of vendor supplied recovery partitions? This is a regular Windows 7 sole partition box you tried this one? On Sat, Jun 29, 2013 at 11:54 AM, sec <[email protected]> wrote: > If you're not able to boot from another OS because the firmware is > locked down, booting from removable media is disabled, and a software > crypto product is installed, this is a handy way to bypass all that. If > you have non-administrator credentials that get you past the bootloader > or the entire boot process hasn't been made secure, this is an extremely > trivial exploit requiring no special tools. > > I'm making the assumption that the software (or hardware?) crypto is > correctly tied to that machine's TPM to prevent removing the disk and > booting it on another machine. > > Depending on the exact configuration of the target machine, this would > enable the retrieval of sensitive data assumed to be secure, or else > insertion of a trusted machine with malicious payload into a secure > environment. > > I can think of quite a few environments I've encountered where all of > the above assumptions stand. > > > On 2013-06-29 14:49:16 (+0200), Alex wrote: > > Or just add an account to SAM file with local admin privs (while booting > from another OS). Nothing new or special imo. > > > > Am 2013-06-28 19:46, schrieb Anastasios Monachos: > > > >> >> Hi List; > >> > >> > >> > >> The following may be of interest: > http://intelcomms.blogspot.com/2013/05/owning-windows-7-from-recovery-to-nt.html[http://intelcomms.blogspot.com/2013/05/owning-windows-7-from-recovery-to-nt.html]in > particular to those performing physical attacks on Windows 7. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
