Slashdot Mirror


Gaining System-Level Access To Vista

An anonymous reader writes "This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."
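A defender-side check for the swap described in the summary, as an added example that is not part of the original story or video: it compares the SHA-256 of Utilman.exe with that of cmd.exe in a System32 directory, either on a live system or on a mounted volume. The function names and the stand-in files created in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of a file (these binaries are small)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_ci(directory, name):
    """Case-insensitive lookup; file-name case can differ on a volume mounted from Linux."""
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None

def check_utilman(system32):
    """Classify a System32 directory as 'missing', 'replaced-by-cmd' or 'distinct'."""
    utilman = find_ci(system32, "Utilman.exe")
    cmd = find_ci(system32, "cmd.exe")
    if utilman is None or cmd is None:
        return "missing"
    if sha256_of(utilman) == sha256_of(cmd):
        return "replaced-by-cmd"
    # A differing hash only rules out a straight copy of cmd.exe.
    return "distinct"

def demo():
    """Run the check on constructed stand-in files (not real Windows binaries)."""
    cases = {
        "clean": {"Utilman.exe": b"utility manager stub", "cmd.exe": b"shell stub"},
        "tampered": {"utilman.exe": b"shell stub", "cmd.exe": b"shell stub"},
        "absent": {"cmd.exe": b"shell stub"},
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for label, files in cases.items():
            case_dir = os.path.join(root, label)
            os.mkdir(case_dir)
            for name, data in files.items():
                with open(os.path.join(case_dir, name), "wb") as f:
                    f.write(data)
            results[label] = check_utilman(case_dir)
    return results

if __name__ == "__main__":
    print(demo())
```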

16 of 412 comments

  1. Cancel.... by FriendSite.com · · Score: 5, Funny

    Allow full root access

    Cancel or Allow...

  2. Is this how it was planned? by websters · · Score: 5, Funny

    A conversation amongst the developers: Dev 1: "You see - we can just rename the exe and then get the job done!" Dev 2: "Is there a risk?" Dev 1: "How? Users without sight or with limited vision will have a hard time getting to cmd.exe to rename it - dumbass!"

  3. Mastercard Ad by this great guy · · Score: 5, Funny

    • Getting Camtasia Studio to record your BackTrack & Vista sessions: free (you got the free trial version)
    • Downloading a James Bond music to put it in your flash demo: free (you have got crazy peer-to-peer skillz)
    • Showing the world the amazing things you can do with physical access to a box and that it takes you 60 long secs to painfully rename cmd.exe to utilman.exe: ...priceless

  4. Re:PANIC by jhdevos · · Score: 5, Funny

    Right... They should think of some system where the BIOS will only load code that was digitally signed somehow, so these atrocities are no longer possible. Personally, I will only feel safe when I know that Microsoft completely controls what goes on on my PC!

  5. Re:Long weekend... by Tubal-Cain · · Score: 4, Funny

    [badpun]Why not just call it a NIC like everyone else?[/badpun]

  6. Re:physical access == game over by debatem1 · · Score: 4, Funny

    Maybe if you did it to a Vista machine a decade ago, it would have.

  7. Re:physical access == game over by Count Fenring · · Score: 5, Funny

    I think we can all agree that any hack involving a time machine is newsworthy.

  8. Re:physical access == game over by debatem1 · · Score: 4, Funny

    For a while, anyway.

  9. Re:physical access == game over by Kugrian · · Score: 5, Funny

    Face it, if an attacker already has physical access to a system -- to the extent that he can run his own Linux OS on it and mess with the contents of its disks -- then that computer is already, entirely owned. This is true for Linux, it's true for OS X, it's true for BSD, and it's true for Windows. That's just the way computers work.


    It's much much harder with Linux. First of all you have to work out how to lure the user out of their basement and away from their computer.
  10. Re:Long weekend... by WI2822 · · Score: 5, Funny

    maybe you should shop for a MAC over the weekend

    Do you know of any good MAC addresses?

  11. Re:physical access == game over by Anonymous Coward · · Score: 4, Funny

    Not all cripples are crippled all of the time. Sometimes they appear quite normal and then have "spak attacks" which renders them unable to function like real humans. In these cases it is imperative that they can activate sticky keys with their flailing limbs so they can save their work and exit gracefully (well, you know what I mean) from the program.

    Your ignorance and intolerance of cripples and mongs astounds me.

  12. Re:physical access == game over by Oktober Sunset · · Score: 5, Funny

    I use a 26 char password on a laptop that locks every 5 minutes.

    Once you get used to it, it's not too annoying at all.

  13. Re:physical access == game over by deimtee · · Score: 4, Funny

    abcdefghijklmnopqrstuvwxyz ?

    --
    I'm guessing that wasn't on their radar screen...
  14. Re:physical access == game over by ConanG · · Score: 5, Funny

    No, it's
    qwertyuiopasdfghjklzxcvbnm

    but good guess!

  15. Re:Long weekend... by menace3society · · Score: 4, Funny

    c0:ld:de:ad:be:ef:15:f0:0d

  16. Re:Long weekend... by CanisMajor · · Score: 4, Funny

    That's amazing. I've got the same combination on my luggage!